Thanks Evgeny. Could you explain to me why you think it is a false positive ?
> Le 21 oct. 2022 à 21:57, Evgeny Vereshchagin <evv...@gmail.com> a écrit : > >>>> Cf https://oss-fuzz.com/testcases?open=yes&q=Arbitrary&proj=elfutils >> >> This is inaccessible without logins. > > To judge from > https://github.com/google/oss-fuzz/tree/master/infra/experimental/SystemSan#arbitrary-file-open > that new experimental fuzzer > isn't documented yet but as far as I can tell it flags "tainted" > strings passed to the open syscall. That backtrace points to > https://sourceware.org/git/?p=elfutils.git;a=blob;f=libdwfl/dwfl_segment_report_module.c;h=28f87f10dd3962082ec4b995f43069ffc4b5e3d4;hb=HEAD#l784 > and I think it's a false positive. Looking at > https://github.com/google/oss-fuzz/issues/8497 it seems it should be > possible > to turn it off eventually. > > Thanks, > Evgeny Vereshchagin
