On 2014-12-18 15:02, Ed Maste wrote:
> On 18 December 2014 at 11:53, Pedro Giffuni <p...@freebsd.org> wrote:
>> test the tools with a fuzzer like security/afl
>
> Yes, a very good idea, especially for strings(1) given the way it is
> often used. I've already found a strings crash with afl.

I came across this not that long ago:
http://lcamtuf.blogspot.ca/2014/10/psa-dont-run-strings-on-untrusted-files.html

Our strings didn't crash with his proof of concept, but there may be other similar bugs.

--
Allan Jude