bharatkrishna · July 22, 2012 00:22
diff --git a/fuzzer.py b/fuzzer.py
 ''' 
 A fuzzer for IrfanView image viewer. 
 IrfanView: http://www.irfanview.com/
 '''
 import math
 import random
 import string
 import subprocess
 import time

 ''' Config '''

 location = "./images/"
 app = "C:\\Program Files (x86)\\IrfanView\\i_view32.exe"

 file_extension = [".jpg",".gif",".png",".tif",".ico", ".bmp"]

 fuzz_output = ""

 FuzzFactor = 250
 num_tests = 10000
 num_crashed = 0 

 ''' end config '''

 def random_file():
    ''' Random file generator '''
    extension = random.choice(file_extension)
    global fuzz_output
    fuzz_output="fuzz"+extension
    rfile = str(random.randint(1,3))+extension
    return location+rfile

 start_time = time.time() 

 ''' Charlie Miller's Fuzzer code '''

 for i in range(num_tests):    
    file_choice = random_file()        
    buf = bytearray(open(file_choice,'rb').read())    
    numwrites = random.randrange(math.ceil((float(len(buf))/FuzzFactor)))+ 1
    
    for j in range(numwrites):
        rbyte = random.randrange(256)
        rn = random.randrange(len(buf))
        buf[rn] = "%c"%(rbyte)
        
    ''' End Charlie Miller's Fuzzer code '''
        
    open(fuzz_output, 'wb').write(buf)
    process = subprocess.Popen([app,fuzz_output])
    
    time.sleep(1)
    crashed = process.poll()
    if crashed :
        num_crashed+=1
        print "Number of crashes:",num_crashed
        print "number of writes:", numwrites
        print "return code:", process.returncode
        print 
    else: 
        process.terminate()
        
 end_time = (time.time()-start_time)         
 print "Number of crashes is",num_crashed  
 print "Time taken to complete %d iterations is %f s" % (num_tests, end_time)
	'''
	A fuzzer for IrfanView image viewer.
	IrfanView: http://www.irfanview.com/
	'''
	import math
	import random
	import string
	import subprocess
	import time

	''' Config '''

	location = "./images/"
	app = "C:\\Program Files (x86)\\IrfanView\\i_view32.exe"

	file_extension = [".jpg",".gif",".png",".tif",".ico", ".bmp"]

	fuzz_output = ""

	FuzzFactor = 250
	num_tests = 10000
	num_crashed = 0

	''' end config '''

	def random_file():
	''' Random file generator '''
	extension = random.choice(file_extension)
	global fuzz_output
	fuzz_output="fuzz"+extension
	rfile = str(random.randint(1,3))+extension
	return location+rfile

	start_time = time.time()

	''' Charlie Miller's Fuzzer code '''

	for i in range(num_tests):
	file_choice = random_file()
	buf = bytearray(open(file_choice,'rb').read())
	numwrites = random.randrange(math.ceil((float(len(buf))/FuzzFactor)))+ 1

	for j in range(numwrites):
	rbyte = random.randrange(256)
	rn = random.randrange(len(buf))
	buf[rn] = "%c"%(rbyte)

	''' End Charlie Miller's Fuzzer code '''

	open(fuzz_output, 'wb').write(buf)
	process = subprocess.Popen([app,fuzz_output])

	time.sleep(1)
	crashed = process.poll()
	if crashed :
	num_crashed+=1
	print "Number of crashes:",num_crashed
	print "number of writes:", numwrites
	print "return code:", process.returncode
	print
	else:
	process.terminate()

	end_time = (time.time()-start_time)
	print "Number of crashes is",num_crashed
	print "Time taken to complete %d iterations is %f s" % (num_tests, end_time)