> Could you explain to me why you think it is a false positive?
As far as I can tell the idea behind that sanitizer is to mostly flag
suspicious attempts to pass file names that
haven't been sanitized in any way and I agree that in some cases
depending on what happens after those files
are opene
Thanks Evgeny.
Could you explain to me why you think it is a false positive?
> On 21 Oct. 2022 at 21:57, Evgeny Vereshchagin wrote:
>
Cf https://oss-fuzz.com/testcases?open=yes&q=Arbitrary&proj=elfutils
>>
>> This is inaccessible without logins.
>
> To judge from
> https://github.com/
> > > Cf https://oss-fuzz.com/testcases?open=yes&q=Arbitrary&proj=elfutils
>
> This is inaccessible without logins.
To judge from
https://github.com/google/oss-fuzz/tree/master/infra/experimental/SystemSan#arbitrary-file-open
that new experimental fuzzer
isn't documented yet but as far as I can t
Hey Philippe,
> I implemented a new sanitizer to detect arbitrary file open.
I think it's an interesting idea. Among other things it seems it can
be used to detect path traversal attacks.
I'm not sure how exactly it works at this point but if apart from
keeping track of the "open" syscall (and it
Hi -
> > Cf https://oss-fuzz.com/testcases?open=yes&q=Arbitrary&proj=elfutils
This is inaccessible without logins.
> > I would like to know what you think about this. Is this a bug to
> > you? Or is it expected? [...]
Crashes on crafted inputs are generally bugs. Security implications
are u
Friendly ping on this?
> On 22 Sept. 2022 at 09:05, Philippe Antoine wrote:
>
> Hello fuzzers,
>
> I am Philippe Antoine, working on oss-fuzz.
>
> I implemented a new sanitizer to detect arbitrary file open.
> One of these was discovered in elfutils with target
> libFuzzer_elfutils_fuzz