Tags: c, warnings, fuzzing, pngquant, american-fuzzy-lop

AFL "(odd, check syntax!)"


I am trying to fuzz pngquant using AFL and noticed that I am seeing the odd, check syntax! warning. A previous answer says that AFL is probably not reading the input file I specified. I am able to invoke pngquant by providing the png file located in the same input sample directory I used while fuzzing with AFL.

The AFL command I executed is:

afl-fuzz -i ./in-filtered -o ./out -x ./dictionary/png.dict -- pngquant @@

The AFL documentation mentions that the odd, check syntax! warning may pop up when AFL is not able to find new paths.

Additionally, I notice that the warning pops up as soon as AFL begins using the havoc fuzzing strategy; the images below show that the cycle counts start incrementing as soon as the fuzzer begins using havoc.

[image: AFL begins fuzzing]

[image: AFL shows warning when fuzzing with havoc]


Solution

  • This is because of incorrect usage of pngquant.

    When you use pngquant, it produces an output file with your results; when you run it twice you will encounter an error:

    ➜  pngquant git:(master) ✗ ./pngquant  ./test/img/metadata.png
    ➜  pngquant git:(master) ✗ ./pngquant  ./test/img/metadata.png
    error: './test/img/metadata-fs8.png' exists; not overwriting
    

    AFL has no chance to explore the target, since it gets blocked every time.

    After a quick look, the easiest fix is like this:

    afl-fuzz -i ./in -o ./out -- ./pngquant -f -- @@
    

    This forces pngquant to overwrite the result file and therefore enables afl-fuzz. However, be aware that this produces a lot of I/O, so try to circumvent this using /dev/null or similar tricks.

    Happy fuzzing!
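A pre-flight check that catches this class of problem before afl-fuzz is started, written as an added example (it is not part of the answer above and not pngquant's or AFL's own tooling). afl-fuzz executes the target on the same seed again and again, so a target that cannot run twice on one input starves the fuzzer, which is exactly what the "(odd, check syntax!)" hint ends up pointing at. The script runs a command template twice with `@@` replaced by a seed file, as afl-fuzz would, and reports which run fails. Because the check must run offline, it uses a constructed stand-in script (`mock-pngquant`, assumed name) that mimics only the behaviour quoted in the answer: it writes `<input>-fs8.png`, honours `-f`/`--force` and `-o`/`--output`, and refuses to overwrite an existing output unless forced. The `demo_preflight` function, the seed file and the temporary directory are all assumptions of this example.

```shell
#!/bin/sh
# Pre-flight check for an afl-fuzz command line (added example, not from the
# original answer). Runs the template twice on one seed, as afl-fuzz would,
# and reports which run (if any) fails.

# preflight_rerun '<command template containing @@>' <seed file>
# Returns 0 if both runs exit 0, 1 otherwise.
preflight_rerun() {
    template=$1
    seed=$2
    # Substitute the seed path for @@, the same placeholder afl-fuzz uses.
    cmd=$(printf '%s\n' "$template" | sed "s|@@|$seed|g")
    if ! sh -c "$cmd" >/dev/null 2>&1; then
        echo "FAIL (first run): $cmd" >&2
        return 1
    fi
    if ! sh -c "$cmd" >/dev/null 2>&1; then
        echo "FAIL (second run, target is not re-runnable): $cmd" >&2
        return 1
    fi
    echo "OK: $cmd"
    return 0
}

# make_mock_pngquant <dir>: writes a constructed stand-in for pngquant so the
# check can run offline. Like the real tool it writes <input>-fs8.png, honours
# -f/--force and -o/--output, and refuses to overwrite an existing output
# file unless forced. It does no image processing at all.
make_mock_pngquant() {
    cat > "$1/mock-pngquant" <<'EOF'
#!/bin/sh
force=0; out=""; want_out=0; input=""
for arg in "$@"; do
    if [ "$want_out" -eq 1 ]; then out=$arg; want_out=0; continue; fi
    case "$arg" in
        -f|--force)  force=1 ;;
        -o|--output) want_out=1 ;;
        --)          ;;
        *)           input=$arg ;;
    esac
done
[ -n "$out" ] || out="${input%.png}-fs8.png"
if [ -e "$out" ] && [ "$force" -eq 0 ]; then
    echo "error: '$out' exists; not overwriting" >&2
    exit 1
fi
: > "$out"
EOF
    chmod +x "$1/mock-pngquant"
}

# demo_preflight: checks the bare "pngquant @@" form from the question, the
# "-f -- @@" fix from the answer, and the /dev/null variant the answer hints
# at, all against the mock. Returns 0 when the bare form is rejected and both
# fixed forms pass.
demo_preflight() {
    dir=$(mktemp -d)
    make_mock_pngquant "$dir"
    : > "$dir/seed.png"   # constructed empty seed; the mock never reads it
    bare_ok=0; forced_ok=0; devnull_ok=0
    if preflight_rerun "$dir/mock-pngquant @@" "$dir/seed.png"; then
        bare_ok=1
    fi
    rm -f "$dir/seed-fs8.png"   # start the fixed forms from a clean slate
    if preflight_rerun "$dir/mock-pngquant -f -- @@" "$dir/seed.png"; then
        forced_ok=1
    fi
    if preflight_rerun "$dir/mock-pngquant -f -o /dev/null -- @@" "$dir/seed.png"; then
        devnull_ok=1
    fi
    rm -rf "$dir"
    [ "$bare_ok" -eq 0 ] && [ "$forced_ok" -eq 1 ] && [ "$devnull_ok" -eq 1 ]
}
```

To check a real command line, call `preflight_rerun './pngquant -f -- @@' ./in/some-seed.png` with a seed from the AFL input directory; the bare `./pngquant @@` form fails on the second run, and a form that passes the check is one afl-fuzz can at least execute repeatedly (the check says nothing about coverage, only about re-runnability).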