Robustness testing

From Gnash Project Wiki


Feeding scrambled input to gnash

Use ulimit to enable core dumps on assertion failures and segfaults:

ulimit -c unlimited

Use zzuf to scramble any SWF file you have and pass the result to Gnash:

zzuf < INPUTFILE | gui/gnash -v -

To automate the process and feed many different malformations of the same movie, use zzuf as follows. This example scrambles movie.swf in 1001 different ways. Gnash exits after 1 second (-t1), so you can leave this running while you go and do something else. The zzuf option -C sets the number of errors allowed before zzuf stops its run (by default it stops at the first error). The zzuf option -F sets the maximum number of Gnash instances to run at the same time (you can easily cause fork bombs with this option). The zzuf option -q quietens Gnash's output so you can see which seeds caused Gnash to fail.

zzuf -s0:1000 -C10 -q -F3 -c gnash movie.swf -t1

Use gdb to see what wasn't robust:

libtool --mode=execute gdb gui/gnash core

When Gnash stops aborting or segfaulting, see the zzuf manual page for ways to scramble more:

man zzuf
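
The steps above combined into one triage loop, as an added example that is not part of the Gnash wiki: it scrambles the movie once per seed, keeps the mutated file only when Gnash dies from a signal (an assertion abort or a segfault), and prints the seed and file so the crash can be replayed under gdb. The function names, the GNASH variable and the seed-N.swf file naming are assumptions.

```shell
#!/bin/sh
# Added example (not from the Gnash wiki). The function names, the GNASH
# variable and the seed-N.swf naming are assumptions made for this sketch.
GNASH=${GNASH:-gnash}            # e.g. GNASH=gui/gnash inside a build tree

# mutate SEED INPUT OUTPUT: write the zzuf-scrambled copy for one seed.
mutate() { zzuf -s "$1" < "$2" > "$3"; }

# play FILE: run Gnash for one second with core dumps enabled.
play() { ( ulimit -c unlimited 2>/dev/null; exec "$GNASH" -t1 "$1" ); }

# classify_status STATUS: the shell reports death by signal as 128 + signal.
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo ok
    elif [ "$1" -gt 128 ]; then
        echo "signal:$(kill -l $(($1 - 128)) 2>/dev/null)"
    else
        echo "exit:$1"           # the process exited by itself, no signal
    fi
}

# fuzz_range SWF FIRST LAST OUTDIR: print "SEED VERDICT FILE" per crash.
fuzz_range() {
    swf=$1 seed=$2 last=$3 outdir=$4
    mkdir -p "$outdir"
    while [ "$seed" -le "$last" ]; do
        out="$outdir/seed-$seed.swf"
        mutate "$seed" "$swf" "$out"
        status=0
        play "$out" >/dev/null 2>&1 || status=$?
        verdict=$(classify_status "$status")
        case $verdict in
            signal:*) echo "$seed $verdict $out" ;;  # keep the reproducer
            *) rm -f "$out" ;;                       # clean run, discard
        esac
        seed=$((seed + 1))
    done
}

# Usage: sh triage.sh movie.swf 0 1000 crashes
[ "$#" -eq 0 ] || fuzz_range "$@"
```

Each file that is kept reproduces its crash without zzuf, so it can be attached to a bug report alongside the seed.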
