Re: Some fuzzer workarounds

2022-03-19 Thread Evgeny Vereshchagin via Elfutils-devel
Hi

> If they weren't actually tested I think it would make sense to revert them to 
> avoid getting auto-generated CVEs
> until they're in more or less good shape at least.

I've just opened https://github.com/google/oss-fuzz/pull/7401 to weed out some
false positives. Given that they are "security" issues and bash scripts generating
CVEs rely on that label, I hope they will be closed as "invalid" or "wontfix".
The issues found by fuzz-elf-get-sections (which was renamed to fuzz-libelf
apparently) were closed as "Verified" though, so I'm not sure how it works exactly.

Thanks,
Evgeny Vereshchagin

Issue 45630 in oss-fuzz: elfutils:fuzz-libelf: Use-of-uninitialized-value in validate_str

2022-03-19 Thread ClusterFuzz-External via monorail via Elfutils-devel
Updates:
Labels: Fuzz-Blocker

Comment #1 on issue 45630 by ClusterFuzz-External: elfutils:fuzz-libelf: 
Use-of-uninitialized-value in validate_str
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45630#c1

This crash occurs very frequently on linux platform and is likely preventing 
the fuzzer fuzz-libelf from making much progress. Fixing this will allow more 
bugs to be found.

If this is incorrect, please file a bug on 
https://github.com/google/oss-fuzz/issues/new

-- 
You received this message because:
  1. You were specifically CC'd on the issue

You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings

Reply to this email to add a comment.


Issue 45628 in oss-fuzz: elfutils:fuzz-libdwfl: Heap-buffer-overflow in strtol

2022-03-19 Thread evv… via monorail via Elfutils-devel


Comment #4 on issue 45628 by evv...@gmail.com: elfutils:fuzz-libdwfl: 
Heap-buffer-overflow in strtol
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45628#c4

> Hopefully I'll fix the documentation once I've gotten round to it.

I opened https://github.com/google/oss-fuzz/pull/7403 where I updated the
documentation. It isn't perfect in the sense that it should probably mention how
to figure out which fuzzing engines can be used to trigger issues reported by
OSS-Fuzz and how to pass them, but it's good enough I think.
