
pngcrush's Introduction

Pngcrush

Pngcrush is an optimizer for PNG (Portable Network Graphics) files. It can be run from a command line in an MS-DOS window, or from a UNIX or Linux command line.

Its main purpose is to reduce the size of the PNG IDAT datastream by trying various compression levels and PNG filter methods. It can also be used to remove unwanted ancillary chunks, or to add certain chunks including gAMA, tRNS, iCCP, and textual chunks.

Source on Sourceforge

Usage

  1. Put all your PNG files into the "workspace_in" folder;

  2. Run batch_script.sh to recompress the PNG files:

     $ ./batch_script.sh

  3. All recompressed PNG files will be written to the "workspace_out" folder;

  4. Copy the files in the "workspace_out" folder to your desired place;

  5. Remove all files in the "workspace_in" and "workspace_out" folders.

Note: The binary files under ./pngcrush/ were built with "GNU Make" (v3.81); you can build them yourself if you want:

    $ cd ./pngcrush  
    $ make clean  
    $ make  
    $ cd -  

License

Pngcrush is open source and may be used, modified, and redistributed by anyone without paying a fee. The license, embedded in the file pngcrush.c, is equivalent but not identical to the libpng license found in the libpng file png.h.

The source, except for the pngcrush library, is likewise granted to anyone by Kjuly.

Declare

The author of pngcrush is Glenn Randers-Pehrson.

This repo is maintained by Kjuly. It is based on the pngcrush project, with .batch_script.sh added to make batch jobs easier.


pngcrush's Issues

global-buffer-overflow

We are able to trigger a global-buffer-overflow with the attached input.

unzip 0.zip
pngcrush -reduce 0 /dev/null

0.zip

 | pngcrush-1.8.1
 |    Copyright (C) 1998-2002, 2006-2016 Glenn Randers-Pehrson
 |    Portions Copyright (C) 2005 Greg Roelofs
 | This is a free, open-source program.  Permission is irrevocably
 | granted to everyone to use this version of pngcrush without
 | payment of any fee.
 | Executable name is pngcrush
 | It was built with   bundled libpng-1.6.21
 | and is running with bundled libpng-1.6.21
 |    Copyright (C) 1998-2004, 2006-2016 Glenn Randers-Pehrson,
 |    Copyright (C) 1996, 1997 Andreas Dilger,
 |    Copyright (C) 1995, Guy Eric Schalnat, Group 42 Inc.,
 | and bundled zlib-1.2.8, Copyright (C) 1995-2013,
 |    Jean-loup Gailly and Mark Adler.
 | It was compiled with gcc version 4.2.1 Compatible Clang 8.0.0 (trunk 341771).

   Reading IEND chunk.
   Recompressing IDAT chunks in output/crashes/id:000000,sig:06,src:000033+000211,op:splice,rep:2
   Total length of data found in critical chunks            =        45
While converting output/crashes/id:000000,sig:06,src:000033+000211,op:splice,rep:2 to /dev/null:
  pngcrush caught libpng error:
   IEND: out of place

=================================================================
==32122==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000011f759c at pc 0x000000571eca bp 0x7ffea800a8d0 sp 0x7ffea800a8c8
WRITE of size 4 at 0x0000011f759c thread T0
    #0 0x571ec9 in main /home/t/Projects/afl/fuzzing-experiments/subjects/pngcrush/pngcrush/pngcrush.c:7133:32
    #1 0x7ff1019b2b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #2 0x41ac09 in _start (/home/t/Projects/afl/fuzzing-experiments/subjects/pngcrush/pngcrush/pngcrush+0x41ac09)

0x0000011f759c is located 0 bytes to the right of global variable 'idat_length' defined in 'pngcrush.c:1940:20' (0x11f7340) of size 604
SUMMARY: AddressSanitizer: global-buffer-overflow /home/t/Projects/afl/fuzzing-experiments/subjects/pngcrush/pngcrush/pngcrush.c:7133:32 in main
Shadow bytes around the buggy address:
  0x000080236e60: 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x000080236e70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x000080236e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x000080236e90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x000080236ea0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x000080236eb0: 00 00 00[04]f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x000080236ec0: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9
  0x000080236ed0: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9
  0x000080236ee0: f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9
  0x000080236ef0: f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9
  0x000080236f00: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==32122==ABORTING

global buffer overflow in pngcrush.c

Hello, we found a global buffer overflow vulnerability in the pngcrush binary.

Below are the steps followed to reproduce the crash.
I used GCC 5.4 and AddressSanitizer (export CFLAGS="-g -fsanitize=address" CXXFLAGS="-g -fsanitize=address" LDFLAGS="-fsanitize=address" before make) to build it. This file can cause a global buffer overflow at pngcrush.c:7133:

Test case: crash.png

Here is the vulnerability information:

==3637885==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000798d3c at pc 0x000000419137 bp 0x7ffd350082c0 sp 0x7ffd350082b0
WRITE of size 4 at 0x000000798d3c thread T0
    #0 0x419136 in main /root/--/2-round/pngcrush/asan/pngcrush/pngcrush/pngcrush.c:7133
    #1 0x7f4756e2e82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #2 0x423058 in _start (/root/--/2-round/pngcrush/asan/pngcrush/pngcrush/pngcrush+0x423058)

0x000000798d3c is located 36 bytes to the left of global variable 'input_format' defined in 'pngcrush.c:1934:12' (0x798d60) of size 4
0x000000798d3c is located 0 bytes to the right of global variable 'idat_length' defined in 'pngcrush.c:1940:20' (0x798ae0) of size 604
SUMMARY: AddressSanitizer: global-buffer-overflow /root/--/2-round/pngcrush/asan/pngcrush/pngcrush/pngcrush.c:7133 main
Shadow bytes around the buggy address:
  0x0000800eb150: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
  0x0000800eb160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800eb170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800eb180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800eb190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0000800eb1a0: 00 00 00 00 00 00 00[04]f9 f9 f9 f9 04 f9 f9 f9
  0x0000800eb1b0: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
  0x0000800eb1c0: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
  0x0000800eb1d0: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
  0x0000800eb1e0: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
  0x0000800eb1f0: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe

I hope this information is useful to you.
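For triage, the two AddressSanitizer reports above can be reduced to a build-independent crash signature and an out-of-bounds index. This is an added example, not part of either issue report or of pngcrush; `triage` and its field names are hypothetical, the embedded reports are abbreviated from this page, and the element size of the overrun object is assumed to equal the access size.

```python
import re
from pathlib import PurePosixPath

# Key lines of the two reports on this page (shadow-memory dumps left out).
REPORT_A = """\
==32122==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000011f759c at pc 0x000000571eca bp 0x7ffea800a8d0 sp 0x7ffea800a8c8
WRITE of size 4 at 0x0000011f759c thread T0
    #0 0x571ec9 in main /home/t/Projects/afl/fuzzing-experiments/subjects/pngcrush/pngcrush/pngcrush.c:7133:32
0x0000011f759c is located 0 bytes to the right of global variable 'idat_length' defined in 'pngcrush.c:1940:20' (0x11f7340) of size 604
"""
REPORT_B = """\
==3637885==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000798d3c at pc 0x000000419137 bp 0x7ffd350082c0 sp 0x7ffd350082b0
WRITE of size 4 at 0x000000798d3c thread T0
    #0 0x419136 in main /root/--/2-round/pngcrush/asan/pngcrush/pngcrush/pngcrush.c:7133
0x000000798d3c is located 36 bytes to the left of global variable 'input_format' defined in 'pngcrush.c:1934:12' (0x798d60) of size 4
0x000000798d3c is located 0 bytes to the right of global variable 'idat_length' defined in 'pngcrush.c:1940:20' (0x798ae0) of size 604
"""

HEAD = re.compile(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS = re.compile(r"^(READ|WRITE) of size (\d+)", re.M)
# Frame 0 may or may not carry a column number after the line number.
FRAME0 = re.compile(r"^\s*#0 0x[0-9a-f]+ in (\S+) (\S+?):(\d+)(?::\d+)?$", re.M)
GLOBAL = re.compile(r"located (\d+) bytes to the (left|right) of global variable "
                    r"'(\w+)' defined in '[^']+' \((0x[0-9a-f]+)\) of size (\d+)")


def triage(report):
    """Return a dedup signature plus the index the faulting access hit."""
    bug, addr = HEAD.search(report).groups()
    kind, size = ACCESS.search(report).groups()
    func, path, line = FRAME0.search(report).groups()
    # ASan can list several neighbouring globals; take the nearest one.
    # The index maths below assumes an overrun past its end, as in both reports.
    near = min(GLOBAL.finditer(report), key=lambda m: int(m[1]))
    offset = int(addr, 16) - int(near[4], 16)
    return {
        # Basename and line only: absolute paths, PIDs and addresses vary per build.
        "signature": (bug, kind, func, f"{PurePosixPath(path).name}:{line}", near[3]),
        # Assumption: elements are as wide as the access (4 bytes here).
        "index": offset // int(size),
        "capacity": int(near[5]) // int(size),
    }


if __name__ == "__main__":
    for name, rep in (("A", REPORT_A), ("B", REPORT_B)):
        print(name, triage(rep))
```

Both reports yield the same signature, and in each the index equals the capacity, so the write lands on the slot immediately after the last valid element of `idat_length`.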

cannot execute binary file: Exec format error

When I run batch_script.sh, I get the junk output below:

../pngcrush/pngcrush: 1: ../pngcrush/pngcrush: �����������: not found
../pngcrush/pngcrush: 2: ../pngcrush/pngcrush: �dK��: not found
../pngcrush/pngcrush: 3: ../pngcrush/pngcrush: ���__stubs__TEXT�V�����V����__stub_helper__TEXT0W����0W����__const__TEXT: not found
../pngcrush/pngcrush: 4: ../pngcrush/pngcrush: Syntax error: word unexpected (expecting ")")

And when I try running the executable directly, it gives this error:

bash: ./pngcrush/pngcrush: cannot execute binary file: Exec format error

pngcrush collapsed

When I run pngcrush in MS-DOS, I get the problem below:

    应用程序无法正常启动(0xc000007b). 请单击 " 确定" 关闭应用程序.

But sometimes it runs perfectly.
