Crash & PoC Report


Report log & PoC:

I've fuzzed out quite a few crashes lately; the submission records are on git:
https://github.com/gandalf4a/crash_report
Organized as follows:
Updated irregularly, on an ongoing basis

vim

heap-use-after-free

CVE-2023-48706: https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q

macOS

SEGV

https://security.apple.com/reports/OE1924480424134
https://security.apple.com/reports/OE1924480845324
https://security.apple.com/reports/OE1924480429154
https://security.apple.com/reports/OE1924480517883
https://security.apple.com/reports/OE1924480320443
https://security.apple.com/reports/OE1924500326942

vlc

SEGV

https://forum.videolan.org/viewtopic.php?t=163396

radare2

r2

heap-buffer-overflow

CVE-2023-5686: https://huntr.dev/bounties/bbfe1f76-8fa1-4a8c-909d-65b16e970be0
CVE-2023-47016: https://github.com/radareorg/radare2/issues/22349

global-buffer-overflow

CVE-2023-46569: https://github.com/radareorg/radare2/issues/22333
CVE-2023-46570: https://github.com/radareorg/radare2/issues/22334

duktape

stack-overflow

https://github.com/svaarala/duktape/issues/2548
https://github.com/svaarala/duktape/issues/2549
https://github.com/svaarala/duktape/issues/2550
https://github.com/svaarala/duktape/issues/2551
https://github.com/svaarala/duktape/issues/2552
https://github.com/svaarala/duktape/issues/2553
6: https://www.huntr.dev/bounties/444d8c24-c2b0-4a48-b076-f964c6ce5482

SEGV

2: https://www.huntr.dev/bounties/e2a1370b-fe6d-42cc-be51-fa9d25a6369d

gpac

MP4Box

heap-use-after-free

https://github.com/gpac/gpac/issues/2611
https://www.huntr.dev/bounties/e55961c9-ad52-437b-b796-9546a8f124e7/

double-free

https://github.com/gpac/gpac/issues/2612

stack-buffer-overflow

https://github.com/gpac/gpac/issues/2613
2: https://www.huntr.dev/bounties/f7f9171e-661f-471f-aa2c-fedd23ff1b52/

heap-buffer-overflow

https://github.com/gpac/gpac/issues/2614
https://github.com/gpac/gpac/issues/2615
https://github.com/gpac/gpac/issues/2616
https://github.com/gpac/gpac/issues/2617
https://github.com/gpac/gpac/issues/2618
https://github.com/gpac/gpac/issues/2619
4: https://www.huntr.dev/bounties/b514352a-d64b-4230-936d-612eb96ce105/

SEGV

https://github.com/gpac/gpac/issues/2620
https://github.com/gpac/gpac/issues/2621
https://github.com/gpac/gpac/issues/2622
https://github.com/gpac/gpac/issues/2623
https://github.com/gpac/gpac/issues/2624
https://github.com/gpac/gpac/issues/2625
https://github.com/gpac/gpac/issues/2626
CVE-2023-5595: 3: https://www.huntr.dev/bounties/0064cf76-ece1-495d-82b4-e4a1bebeb28e/
3: https://huntr.dev/bounties/dd176822-178f-43b0-bbeb-20390cdb623e/

memcpy-param-overlap

https://www.huntr.dev/bounties/d3290105-c964-4419-82d9-89782b3b2796/

FPE

2: https://www.huntr.dev/bounties/4d3dda71-1d2a-42ba-8f2e-ef83db85f8a2/

tsMuxer

SEGV

https://github.com/justdan96/tsMuxer/issues/783

heap-buffer-overflow

https://github.com/justdan96/tsMuxer/issues/784
https://github.com/justdan96/tsMuxer/issues/785
https://github.com/justdan96/tsMuxer/issues/786
https://github.com/justdan96/tsMuxer/issues/787
https://github.com/justdan96/tsMuxer/issues/788
2: https://www.huntr.dev/bounties/0a491f4d-b842-4cb9-aad6-5781fbea3320/

jerryscript

jerry

SEGV

https://github.com/jerryscript-project/jerryscript/issues/5101
https://github.com/jerryscript-project/jerryscript/issues/5102

global-buffer-overflow

https://www.huntr.dev/bounties/509c05d1-c0a9-4b4e-90f4-def498ab2ae9/

Mozilla

Spidermonkey

SEGV

https://bugzilla.mozilla.org/show_bug.cgi?id=1856646
https://bugzilla.mozilla.org/show_bug.cgi?id=1856649
https://bugzilla.mozilla.org/show_bug.cgi?id=1860721

Webkit

JavaScriptCore

memory leaks

https://bugs.webkit.org/show_bug.cgi?id=262370

libpng

pngimage

heap-buffer-overflow

https://github.com/glennrp/libpng/issues/481

libtiff

tiffcrop

heap-buffer-overflow & heap-use-after-free & SIGSEGV

https://gitlab.com/libtiff/libtiff/-/issues/573

heap-buffer-overflow

https://gitlab.com/libtiff/libtiff/-/issues/563
https://gitlab.com/libtiff/libtiff/-/issues/562
https://gitlab.com/libtiff/libtiff/-/issues/561
https://gitlab.com/libtiff/libtiff/-/issues/564
https://gitlab.com/libtiff/libtiff/-/issues/565
https://gitlab.com/libtiff/libtiff/-/issues/566
https://gitlab.com/libtiff/libtiff/-/issues/567
https://gitlab.com/libtiff/libtiff/-/issues/568
https://gitlab.com/libtiff/libtiff/-/issues/569

xpdfreader

pdftotext

stack-overflow

https://forum.xpdfreader.com/viewtopic.php?t=42378
https://forum.xpdfreader.com/viewtopic.php?t=42376
https://forum.xpdfreader.com/viewtopic.php?t=42377
https://forum.xpdfreader.com/viewtopic.php?t=42379

SIGSEGV

https://forum.xpdfreader.com/viewtopic.php?p=44307

Images in a second? A Stable Diffusion "alchemy furnace" built on an ex-mining 2080 Ti


0x0 Rig configuration

Over the May Day holiday, the V2 2-in-1 tablet I had been watching for a long time went on sale: i7-1165G7, 32G, 512G, with a GPU dock thrown in, for only 4999 RMB, unbeatable value. The laptops at home are all too old anyway, and I needed a device I could take out that has enough performance.

Battery life is frankly dire, it is only 4 cores/8 threads, AMD YES, and the power efficiency of the last few generations of Intel mobile chips is thoroughly outclassed, but with a 4K LCD screen, this configuration, plus a GPU dock, at this price, it's irresistible.

A quick rundown of the rig's configuration:

  • Computer: V2 2-in-1 tablet (i7-1165G7, 32G, 512G)
  • GPU dock: Graphix (Thunderbolt 3)
    • GPU: Galax reference-design RTX 2080 Ti 11G, an ex-mining card
    • Storage: 2T Micron 5200 Pro SATA SSD, a data-center pull

Among GPUs the best value right now is the 2080 Ti; although nearly all of them are ex-mining cards, as long as it doesn't die it should be just about adequate, and later it can even be modded to 22G of VRAM.

Models for training are usually large, so plenty of storage is needed.

SSD prices have already been driven down by YMTC, but the V2 tablet is really hard to open, so the SSD swap will wait until the warranty expires.

The GPU dock happens to have a 2.5-inch SATA bay; I started with a 2T mechanical drive, but a setup that gets power-cycled this often is really not suited to a mechanical drive.

Then I came across a 5200 Pro data-center pull; on arrival it showed 4.3 years powered on, 360T written, 92% health. Barring accidents it's a family heirloom, the kind that outlives its owner.

Tablet + GPU dock + ex-mining card + pulled server drive: every debuff stacked, truly living dangerously; kids, don't try this.

Also, the GPU's blower fan plus the dock's 1U server PSU take off like a jet the moment an image starts generating; a study or a soundproof cabinet is probably required?

0x1 Nvidia GPU driver + CUDA

System: Ubuntu 22.04 (under the rule of my company's monitoring software, not even a dog would use Windows)

Installing the GPU dock + Nvidia driver on Windows is simple and works fine, but on Ubuntu there seem to be some bugs. The version tagged recommended is usually advised, but in practice the device was never found; switching to the version without the recommended tag was what worked:

# GPU information
lspci | grep -i nvidia
# List available driver versions; here the latest, 530, is installed
ubuntu-drivers devices
...
vendor   : NVIDIA Corporation
model    : TU102 [GeForce RTX 2080 Ti Rev. A]
...
driver   : nvidia-driver-530 - distro non-free
driver   : nvidia-driver-530-open - distro non-free recommended
...
# In principle the one tagged recommended is the version to use
# but after installing nvidia-driver-530-open, nvidia-smi never found the device
# switching to nvidia-driver-530 was what worked
sudo apt install nvidia-driver-530
sudo reboot
# Check whether the device is detected
nvidia-smi

The CUDA Deep Neural Network library (cuDNN), a GPU-accelerated library of primitives for deep neural networks, needs no introduction; essential for training. Just follow the official guide step by step:

# https://developer.nvidia.com/cuda-downloads?target_os=Linux&target_arch=x86_64&Distribution=Ubuntu&target_version=22.04&target_type=deb_local
wget https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/cuda-ubuntu2204.pin
sudo mv cuda-ubuntu2204.pin /etc/apt/preferences.d/cuda-repository-pin-600
wget https://developer.download.nvidia.com/compute/cuda/12.1.1/local_installers/cuda-repo-ubuntu2204-12-1-local_12.1.1-530.30.02-1_amd64.deb
sudo dpkg -i cuda-repo-ubuntu2204-12-1-local_12.1.1-530.30.02-1_amd64.deb
sudo cp /var/cuda-repo-ubuntu2204-12-1-local/cuda-*-keyring.gpg /usr/share/keyrings/
sudo apt-get update
sudo apt-get -y install cuda

0x2 Stable Diffusion installation and configuration

Stable Diffusion is used via the web UI version:

# web UI:
cd ~
git clone https://github.com/AUTOMATIC1111/stable-diffusion-webui

Install Anaconda to manage Python environments (Python environments conflict far too easily); the Python version is the system default 3.10, i.e. 3.10.6

sudo apt install python3.10
sudo apt install python3-pip
wget https://repo.continuum.io/archive/Anaconda3-5.3.1-Linux-x86_64.sh
bash Anaconda3-5.3.1-Linux-x86_64.sh
source ~/.bashrc
# Check that the installation succeeded
conda info

Activating a Python environment with Anaconda:

1. Update:
conda update -n base conda

2. Create an environment:
conda create -n <env_name> <packages>
e.g.: conda create -n python3.10.6 python==3.10.6

3. Activate the environment:
conda activate python3.10.6

4. Once the virtual environment is created, it is advisable to upgrade pip to the latest version before configuring anything:
python -m pip install --upgrade pip

Other Anaconda commands:

Leave the environment (deactivate takes no environment name): conda deactivate
List installed environments: conda env list
Clone an environment: conda create -n <new_env_name> --clone <origin_env_name>
Delete an environment: conda env remove -n <env_name>
Export the environment to environment.yaml: conda env export > environment.yaml
Create an environment from environment.yaml: conda env create -f environment.yaml
List installed packages: conda list
Search for a package: conda search <package_name1>
Install packages: conda install <package_name1> <package_name2>
Uninstall a package: conda remove <package_name>

Install Xformers to improve GPU efficiency and speed

# Reference: https://github.com/AUTOMATIC1111/stable-diffusion-webui/wiki/Xformers
# Activate the python environment
conda activate python3.10.6
cd ~/stable-diffusion-webui
source ./venv/bin/activate
cd repositories
git clone https://github.com/facebookresearch/xformers.git
cd xformers
git submodule update --init --recursive
pip install -r requirements.txt
pip install torch
# The default index kept timing out; switch to the Tsinghua mirror
pip install torchvision -i https://mirrors.tuna.tsinghua.edu.cn/pypi/web/simple/
sudo pip install -e .

Install the stable-diffusion-webui dependencies:

conda activate python3.10.6
cd ~/stable-diffusion-webui

# One-shot install with the script
bash <(wget -qO- https://raw.githubusercontent.com/AUTOMATIC1111/stable-diffusion-webui/master/webui.sh)

# or install step by step; for anything that won't download, use -i to switch to a domestic mirror
pip install -r requirements_versions.txt
pip install -r requirements.txt
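The one-shot line above pipes a freshly downloaded webui.sh straight into bash. As an added example (not part of the original post or of the stable-diffusion-webui project), here is the same fetch done in two steps: save the script to disk, compare its SHA-256 with a value obtained separately, and only then run it. The project publishes no checksum on this page, so EXPECTED_SHA256 is a placeholder you would replace with a value from a trusted source; the function names are my own.

```shell
# verify_sha256 FILE EXPECTED
# Returns 0 when FILE hashes to EXPECTED (lowercase hex SHA-256), 1 otherwise.
verify_sha256() {
    file="$1"
    expected="$2"
    actual="$(sha256sum "$file" | cut -d' ' -f1)"
    [ "$actual" = "$expected" ]
}

# fetch_and_verify URL DEST EXPECTED
# Downloads URL to DEST and refuses to leave a mismatching file behind,
# so a later "bash DEST" can only run what was checked.
fetch_and_verify() {
    url="$1"
    dest="$2"
    expected="$3"
    wget -qO "$dest" "$url" || return 1
    if verify_sha256 "$dest" "$expected"; then
        printf 'checksum ok: %s\n' "$dest"
        return 0
    fi
    printf 'checksum MISMATCH for %s, not executing\n' "$dest" >&2
    rm -f "$dest"
    return 1
}

# Usage for the step in the post. EXPECTED_SHA256 is a placeholder: the page
# gives no checksum, so fill it in from a source you trust before use.
# EXPECTED_SHA256=0000000000000000000000000000000000000000000000000000000000000000
# fetch_and_verify https://raw.githubusercontent.com/AUTOMATIC1111/stable-diffusion-webui/master/webui.sh \
#     ./webui.sh "$EXPECTED_SHA256" && bash ./webui.sh
```

Because webui.sh on the master branch changes over time, the pinned checksum has to be refreshed whenever you intend to pull a newer script; the point of the check is that the update is a deliberate decision rather than whatever the URL happens to serve at that moment.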

Start stable-diffusion; with the xformers plugin loaded it runs noticeably faster

# Run; the --xformers flag accelerates the GPU:
./webui.sh
./webui.sh --xformers

# Check for options:
./webui-user.sh

0x3 A quick try of Stable Diffusion

0x31 Model files

Stable Diffusion needs model files; after downloading, place them under the model/Stable-diffusion/ directory. I found a few here:
https://huggingface.co/Eata/Model/tree/main
https://civitai.com: lots of good-looking models in here
For fairly realistic portraits the usual choice is: chilloutmix_NiPrunedFp32Fix.safetensors

To fine-tune a specific likeness, you usually also need to load model files under model/Lora; I found a few of those here:
https://huggingface.co/samle/sd-webui-models/tree/main

0x32 Quick try

Reference: https://zhuanlan.zhihu.com/p/611519270
Generating more and better images needs a good prompt and negative prompt. Here the model is chilloutmix_NiPrunedFp32Fix.safetensors and the Lora is Dilraba's dilrabaDilmurat_v1.safetensors

prompt:hair ornament, earrings, necklace, t-shirts, looking at viewer, solo, <lora:dilrabaDilmurat_v1:1>,full body, water,
negative prompt:(worst quality, low quality:1.2), watermark, username, signature, text

More usage is left for later study

0x33 Speed comparison: with xformers, one image per second

Running the same model and prompt as above, default size 512*512, every other setting left at default

Without xformers: 5-7 it/s, 2-3 seconds per image

With xformers: 12-13 it/s, a steady 1 second per image; the speedup is quite noticeable