SecurityLab-UCD/game-fuzz-trophies

Game Fuzz Trophies

Bugs found by game-fuzz, a coverage-guided fuzzing framework for video games.

Status Legend

| Symbol | Meaning |
|--------|---------|
|  | Confirmed, not yet reported upstream |
| 📬 | Reported upstream |
| 🔧 | Fixed upstream |

Summary

| Game | Language | Bugs |
|------|----------|------|
| pacman | C++ | 1 |
| sokoban | Rust | 1 |
| SuperMarioBros | C | 2 |
| zel | C | 2 |

pacman

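| # | Bug ID | Type | Description | Location | Repro | Median TTF | Status |
|---|--------|------|-------------|----------|-------|------------|--------|
| 1 | 4765e56d | UBSan | left shift of negative value (-23) | figur.cpp:27 in Figur::move_left() | 5/5 | 13.7s | |
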
Bug 1 — full stack trace
figur.cpp:27:45: runtime error: left shift of negative value -23
    #0 0x4ed5f9 in Figur::move_left(int, int) (/usr/local/bin/pacman+0x4ed5f9)
    #1 0x540b74 in Pacman::move_left(int, int) (/usr/local/bin/pacman+0x540b74)
    #2 0x5c583b in FunnyAnimation::animate() (/usr/local/bin/pacman+0x5c583b)
    #3 0x5a5998 in MenuMain::show() (/usr/local/bin/pacman+0x5a5998)
    #4 0x52a51c in main (/usr/local/bin/pacman+0x52a51c)
    #5 0x7c1bad1f91c9  (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9)
    #6 0x7c1bad1f928a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a)
    #7 0x424ec4 in _start (/usr/local/bin/pacman+0x424ec4)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior figur.cpp:27:45 in
  • Stack hash: 4765e56dfe89692185e53b50475074f6a18ed293
  • Dedup method: stack-hash (depth 3)
  • Signal: EXIT (exit code 1, UBSan halt_on_error=1)
  • Discovery times: 9.3s, 9.6s, 13.7s, 16.5s, 19.8s (5 runs)
  • Found by: game-fuzz rand with hierarchical scheduling, adaptive mutator
  • Date: 2026-03-03

sokoban

| # | Bug ID | Type | Repro | Median TTF | Status |
|---|--------|------|-------|------------|--------|
| 1 | 560104f3 | Window crash | 5/5 | 2.6m | |

  • Signal: WINDOW_CRASH (SDL window unexpectedly closed)
  • Dedup method: fuzzy branch-path match
  • Discovery times: 15.4s, 72.6s, 156.4s, 382.1s, 1038.5s (5 runs)
  • Found by: game-fuzz rand with hierarchical scheduling, adaptive mutator
  • Date: 2026-03-03

SuperMarioBros

| # | Bug ID | Type | Repro | Median TTF | Status |
|---|--------|------|-------|------------|--------|
| 1 | 514b5fc6 | Window crash | 5/5 | 2.5m | |
| 2 | ceafc62c | Window crash | 4/5 | 6.8h | |

  • Signal: WINDOW_CRASH (SDL window unexpectedly closed)
  • Dedup method: fuzzy branch-path match
  • Bug 1 discovery times: 73.7s, 105.9s, 147.6s, 194.4s, 261.8s (5 runs)
  • Bug 2 discovery times: 11208.7s, 22290.3s, 26589.4s, 37625.9s (4 runs)
  • Found by: game-fuzz rand with hierarchical scheduling, adaptive mutator
  • Date: 2026-03-03

zel

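| # | Bug ID | Type | Description | Location | Repro | Median TTF | Status |
|---|--------|------|-------------|----------|-------|------------|--------|
| 1 | 7b589be6 | UBSan | array index out of bounds (int[11][15]) | player.c:191 in update_player() | 5/5 | 9.1m | |
| 2 | 43d78e29 | LSan | memory leak (1.4 MB leaked in 21 allocations) | zel.c:204 in setup() | 5/5 | 5.1h | |
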
Bug 1 — full stack trace
player.c:191:13: runtime error: index 11 out of bounds for type 'int[11][15]'
    #0 0x519e52 in update_player /app/projects/zel-d/zel-d/./player.c:191:13
    #1 0x553b47 in main /app/projects/zel-d/zel-d/./zel.c:182:17
    #2 0x7f...1c9  (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9)
    #3 0x7f...28a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a)
    #4 0x41f494 in _start (/app/projects/zel-d/zel-d/bin+0x41f494)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior player.c:191:13
  • Stack hash: 7b589be66ef15ec551ae5c616427b64614ec3ec2
  • Dedup method: stack-hash (depth 3)
  • Signal: EXIT (exit code 1, UBSan halt_on_error=1)
  • Discovery times: 164s, 273s, 544s, 677s, 846s (5 runs)
  • Found by: game-fuzz rand with hierarchical scheduling, adaptive mutator
  • Date: 2026-02-25
Bug 2 — full stack trace
=================================================================
==25558==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 576 byte(s) in 6 object(s) allocated from:
    #0 0x4a1d98 in __interceptor_calloc asan_malloc_linux.cpp:77:3
    #1 0x7f5a451d8442  (/lib/x86_64-linux-gnu/libSDL2-2.0.so.0+0xdc442)
    #2 0x7f5a451d07fa  (/lib/x86_64-linux-gnu/libSDL2-2.0.so.0+0xd47fa)
    #3 0x5556e7 in setup /app/projects/zel-d/zel-d/./zel.c:204:24
    #4 0x553a4e in main /app/projects/zel-d/zel-d/./zel.c:170:9
    #5 0x7f5a44ed11c9  (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9)
    #6 0x7f5a44ed128a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a)
    #7 0x41f494 in _start (/app/projects/zel-d/zel-d/bin+0x41f494)
SUMMARY: AddressSanitizer: 1460184 byte(s) leaked in 21 allocation(s).
  • Stack hash: 43d78e29a68d066a377c1f1c10d57e45d8c3d53d
  • Dedup method: stack-hash (depth 3)
  • Signal: EXIT (exit code 1, LSan halt_on_error=1)
  • Discovery times: 15204s, 15326s, 18507s, 28101s, 34372s (5 runs)
  • Found by: game-fuzz rand with hierarchical scheduling, adaptive mutator
  • Date: 2026-02-25

About

Archive Fuzzing Trophies for the Game Fuzz Project
