Hi,
On Mon, 20 Feb 2023 at 19:03, Aleksei Vetrov wrote:
> On Mon, Feb 20, 2023 at 3:55 PM Mark Wielaard wrote:
> >
> > .debug sections are raw bytes and don't need conversion even when host
> > and file have different endian order.
>
> Thank you! I like this patch more for its simplicity, looks
Hi,
OSS-Fuzz found https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56134
introduced in fda09f5f188fb173b2123815be71ca4647a8adfb but for some
reason it wasn't delivered to the mailing list. I opened
https://github.com/google/oss-fuzz/issues/9755 to figure out what went
wrong there but until t
Hi Mark,
> You probably
> don't have libstdc++-devel in your setup. If you cannot install that
> you now have to explicitly configure with --disable-demangler.
Thanks! I opened https://github.com/google/oss-fuzz/pull/9745 where I turned
the demangler off.
libstdc++-dev was indeed missing on "i3
Hi Mark,
> Why can't you simply use the configure support?
I can't interfere with CFLAGS/CXXFLAGS passed by OSS-Fuzz. For example if
I used `--enable-sanitize-undefined` I would overwrite all the
`-fsanitize=...` and
`-fno-sanitize-recover=...` flags used by OSS-Fuzz. I also embed
elfutils into t
Hi Mark,
I fixed the build failure in
https://github.com/google/oss-fuzz/pull/9718. Once it's merged
and reaches ClusterFuzz OSS-Fuzz should close the issue.
> Note that we also recently got support for --enable-sanitize-memory but
> that needs a bit of setup and only works with the clang compile
> Could you explain to me why you think it is a false positive ?
As far as I can tell the idea behind that sanitizer is to mostly flag
suspicious attempts to pass file names that
haven't been sanitized in any away and I agree that in some cases
depending on what happens after those files
are opene
> > > Cf https://oss-fuzz.com/testcases?open=yes&q=Arbitrary&proj=elfutils
>
> This is inaccessible without logins.
To judge from
https://github.com/google/oss-fuzz/tree/master/infra/experimental/SystemSan#arbitrary-file-open
that new experimental fuzzer
isn't documented yet but as far as I can t
Hey Philippe,
> I implemented a new sanitizer to detect arbitrary file open.
I think it's an interesting idea. Among other things it seems it can
be used to detect path traversal attacks.
I'm not sure how exactly it works at this point but if apart from
keeping track of the "open" syscall (and it
Hi Mark,
>> I can also prevent OSS-Fuzz from reporting new bugs found by MSan
>> by setting the experimental flag
>>
>> From
>> https://google.github.io/oss-fuzz/getting-started/new-project-guide/#sanitizers
>>> If you want to test a particular sanitizer to see what crashes it generates
>>> with
Hi
> If they weren't actually tested I think it would make sense to revert them to
> avoid getting auto-generated CVEs
> until they're in more or less good shape at least.
I've just opened https://github.com/google/oss-fuzz/pull/7401 to weed out some
false positives.
Given that they are "secur
Hi Mark,
> I guess the idea is that there could be an atoi implementation that
> starts from the end of the string? But I think that is super unlikely
> since atoi (and strtol) is defined on the initial portion of the
> character array. The algorithm is described as working from the start
> and on
[v2]
1) At https://sourceware.org/pipermail/elfutils-devel/2021q4/004541.html
it was pointed out that build-fuzzers.sh is too tied to OSS-Fuzz
and while it was kind of decoupled from it as much as possible
in the sense that it was enough to install clang and run the script to build
the fuzz target
The fuzz target was integrated into OSS-Fuzz in
https://github.com/google/oss-fuzz/pull/6944 and since then it
has been running there continously (uncovering various issues
along the way). It's all well and good but since OSS-Fuzz
is far from the elfutils repository it's unnecessarily hard
to build
13 matches
Mail list logo
