Thanks for the kind words, it is much appreciated. It's just a standard
Debian 7 x86_64 VM running under ESXi. I'm not using any kind of sandbox or
jail or chroot environment as the VM is disposable and another one can be
spun up in seconds if necessary. So far, I haven't had any issues with AFL
de
On Sat, Sep 19, 2015 at 11:17:33PM -0500, Brian Carpenter wrote:
> I found another null ptr deref and segfault. This only seems to affect bash
> 4.4.0 as 4.2.37(1)-release and 4.2.37(1)-release only return a 'bad
> substitution' error message.
Hey Brian,
I just wanted to step in and say: you're d
I found another null ptr deref and segfault. This only seems to affect bash
4.4.0 as 4.2.37(1)-release and 4.2.37(1)-release only return a 'bad
substitution' error message.
bash -c '${!a@a}'
Program received signal SIGSEGV, Segmentation fault.
0x005d36b7 in parameter_brace_transform.isra.
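The report above separates a real crash (a SIGSEGV in the 4.4.0 devel build) from the clean "bad substitution" error that older releases print for the same input. As an added example, not code from this thread or from the bash project, the POSIX sh script below runs a candidate input under each interpreter you name and classifies the outcome from the exit status: a status above 128 means the child was killed by a signal, anything else non-zero is an ordinary error such as "bad substitution". It is the check one does by hand when re-testing AFL findings across versions. The signal numbers assumed are Linux's, `timeout` (GNU coreutils) is used only when present, and `BASH_BIN` is an environment variable chosen here to name the bash build under test.

```shell
#!/bin/sh
# Added example (not from the bug-bash thread): re-run an AFL-found bash
# input under several interpreters and classify the outcome by exit
# status, so a real crash (SIGSEGV) is told apart from a clean
# "bad substitution" error. Assumes Linux signal numbers and, if it is
# installed, GNU coreutils `timeout`.

# Map an exit status to a verdict. A status above 128 means the child was
# killed by signal (status - 128); 124 is what `timeout` returns when the
# run was cut off (a script that itself does `exit 124` is ambiguous).
classify_status() {
    s=$1
    if [ "$s" -gt 128 ] && [ "$s" -le 192 ]; then
        sig=$((s - 128))
        case $sig in
            6)  echo "crash:SIGABRT" ;;   # abort(), e.g. from a sanitizer report
            7)  echo "crash:SIGBUS" ;;
            8)  echo "crash:SIGFPE" ;;
            11) echo "crash:SIGSEGV" ;;   # the null pointer dereferences reported above
            *)  echo "crash:signal$sig" ;;
        esac
    elif [ "$s" -eq 124 ]; then
        echo "timeout"
    elif [ "$s" -eq 0 ]; then
        echo "ok"
    else
        echo "error:$s"                   # ordinary failure, e.g. "bad substitution"
    fi
}

# Run one script string under one interpreter and classify the result.
# Core dumps are disabled so a crashing case does not litter the directory,
# and `timeout`, when available, bounds inputs that hang instead of crashing.
run_case() {
    bin=$1
    script=$2
    status=0
    if command -v timeout >/dev/null 2>&1; then
        ( ulimit -c 0; exec timeout 10 "$bin" -c "$script" ) >/dev/null 2>&1 || status=$?
    else
        ( ulimit -c 0; exec "$bin" -c "$script" ) >/dev/null 2>&1 || status=$?
    fi
    classify_status "$status"
}

# Demo: the reproducer from the report plus two constructed controls (a
# script that kills itself with SIGSEGV, and a no-op), run under the bash
# named by $BASH_BIN (default: the bash on PATH) and under sh for contrast.
demo() {
    for bin in "${BASH_BIN:-bash}" sh; do
        for script in '${!a@a}' 'kill -SEGV $$' ':'; do
            printf '%-6s %-16s -> %s\n' "$bin" "$script" "$(run_case "$bin" "$script")"
        done
    done
}
demo
```

Point `BASH_BIN` at a freshly built `./bash` from the devel branch to compare it with the distribution's `/bin/bash`; any input that classifies as `crash:*` under one build and `error:*` under another is exactly the version-dependent case the report describes.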
On 9/19/15 5:31 PM, Stephane Chazelas wrote:
> 2015-09-19 16:42:28 -0400, Chet Ramey:
> [...]
>> I'm surprised you've managed to avoid the dozen or so discussions on the
>> topic.
>>
>> http://lists.gnu.org/archive/html/bug-bash/2014-03/msg00108.html
> [...]
>
> Thanks for the links. I still think
On 9/19/15 12:22 PM, Brian Carpenter wrote:
> While fuzzing bash 4.4.0(1)-beta compiled from the devel branch, I found a
> 'script' that causes a segfault. The attached also crashes bash
> 4.2.37(1)-release. The file is 1012B in size and I was unable to minimize
> it any further using the afl-tmin
On 9/18/15 8:06 PM, Brian Carpenter wrote:
> While fuzzing bash 4.4.0(1)-beta compiled from the devel branch, I came
> across another script which triggers a null ptr dereference and a segfault.
> This script seems to crash these other versions of bash as well:
>
> 4.2.37(1)-release on x86_64 Debi
2015-09-19 16:42:28 -0400, Chet Ramey:
[...]
> I'm surprised you've managed to avoid the dozen or so discussions on the
> topic.
>
> http://lists.gnu.org/archive/html/bug-bash/2014-03/msg00108.html
[...]
Thanks for the links. I still think the comments on the second
article I sent
(http://thread.
On 9/19/15 4:02 PM, Brian Carpenter wrote:
> I found another script that triggers a null ptr deref and then segfaults
> bash 4.4.0(1)-beta.
Thanks. This one was relatively easy to fix.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis
On 9/18/15 11:14 AM, Stephane Chazelas wrote:
> Hello.
>
> In:
>
> bash -c 'sh -c "trap exit INT; sleep 10; :"; echo hi'
>
> If I press Ctrl-C, I still see "hi".
>
> On Solaris with 4.1.11(2)-release (i386-pc-solaris2.11), that
> seems to be consistent.
>
> On Debian with 4.3.42(1)-release (x8
2015-09-18 16:14:39 +0100, Stephane Chazelas:
[...]
> In:
>
> bash -c 'sh -c "trap exit INT; sleep 10; :"; echo hi'
>
> If I press Ctrl-C, I still see "hi".
[...]
Jilles provided with the explanation at
http://unix.stackexchange.com/a/230731
with a link to:
http://www.cons.org/cracauer/sigint.h
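As an added example, not part of the thread, the script below reproduces the observation above without a terminal. It runs the same `bash -c 'sh -c "..."; echo hi'` shape, delivers SIGINT by hand to the outer bash (while it is waiting for sh) and to the inner sh (while sh is waiting on sleep), and reports whether `hi` was still printed. The first inner script uses `trap exit INT` as in the report: sh exits normally after the trap, so the outer bash treats the interrupt as handled and goes on. The second uses the cooperative-exit convention from the linked cons.org page, `trap - INT; kill -INT $$`: sh dies of SIGINT, so the outer bash, which is holding the SIGINT it received, acts on it and never reaches `echo hi`. It assumes bash on PATH and a `sleep` that accepts fractional seconds; `run_with_sigint` and the `READY` pid file are names chosen here.

```shell
#!/bin/sh
# Added example (not from the thread): drive the Ctrl-C scenario above by
# sending SIGINT explicitly to the outer bash and the inner sh. Assumes
# bash on PATH, mktemp, and a sleep that accepts fractional seconds.

# Run  bash -c 'sh -c "..."; echo hi'  with $1 as the inner INT trap action
# and print "continued:<status>" if hi was printed, else "stopped:<status>".
run_with_sigint() {
    action=$1
    tmp=$(mktemp -d)
    READY=$tmp/ready
    export READY
    # The inner sh installs its trap first, then publishes its parent's pid
    # (the outer bash) and its own so the signaller can target exactly those
    # two processes. The 2 s sleep stands in for the 10 s in the report.
    inner="trap '$action' INT; echo \$PPID \$\$ >\"\$READY\"; sleep 2; :"

    # Signaller: poll (up to 5 s) until the inner sh is running, then send
    # SIGINT to the outer bash, which is blocked waiting for sh, and to sh,
    # which runs its trap once sleep returns.
    (
        i=0
        while [ ! -s "$READY" ] && [ "$i" -lt 50 ]; do sleep 0.1; i=$((i + 1)); done
        read -r outer sh_pid <"$READY"
        kill -INT "$outer" "$sh_pid"
    ) >/dev/null 2>&1 &
    signaller=$!

    status=0
    bash -c 'sh -c "$1"; echo hi' _ "$inner" >"$tmp/out" 2>/dev/null || status=$?
    wait "$signaller" 2>/dev/null || :

    if grep -qx hi "$tmp/out"; then verdict=continued; else verdict=stopped; fi
    rm -rf "$tmp"
    echo "$verdict:$status"
}

# Demo: the report's trap versus the cooperative-exit trap.
demo() {
    echo "trap 'exit' INT                    -> $(run_with_sigint 'exit')"
    echo "trap 'trap - INT; kill -INT \$\$' INT -> $(run_with_sigint 'trap - INT; kill -INT $$')"
}
demo
```

The exit status in the second line is 130 because the outer bash, having seen its child die of SIGINT, re-kills itself with SIGINT rather than exiting normally; that is what lets a further enclosing shell or script make the same decision one level up.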
I found another script that triggers a null ptr deref and then segfaults
bash 4.4.0(1)-beta.
hexdump -C -v test25
0000 5f 3d 20 5f 5f 5f 5f 5f 5f 5f 5f 5f 5f 5f 5f 3d  |_= ____________=|
0010 24 7b 5f 5b 30 5d 7d 20 5f 3d 24 7b 5f 5f 5f 5f  |${_[0]} _=${____|
0020 5f 5f 5f 5f 5f 5
While fuzzing bash 4.4.0(1)-beta compiled from the devel branch, I found a
'script' that causes a segfault. The attached also crashes bash
4.2.37(1)-release. The file is 1012B in size and I was unable to minimize
it any further using the afl-tmin tool that comes with the AFL fuzzer.
Starting progr