From: Alexander Cherepanov
To: elfutils-devel@lists.fedorahosted.org
Subject: Re: Fuzzing elfutils
Date: Mon, 22 Dec 2014 01:20:24 +0300
Message-ID: <549747A8.3020804@mccme.ru>
In-Reply-To: 1418947995.19814.11.camel@bordewijk.wildebeest.org

On 2014-12-19 03:13, Mark Wielaard wrote:
> On Thu, 2014-12-18 at 21:15 +0300, Alexander Cherepanov wrote:
>>> Thanks. I'll try to reproduce them soon. But without a general leb128
>>> length check fix using eu-readelf -w might be somewhat unreliable (and
>>> this also might impact -e/--exceptions).
>>
>> There are many patches flowing and it's not clear which are relevant for
>> my crashes and when it's the right time to start fuzzing again.
>
> Now would be a good time :)

Ok:-)

> I am not aware of any pending crashers.
> Although I am aware of 3 areas that still need some work because they
> could potentially cause crashes on bad input (I'll update the bug soon).

It seems the crashes I uploaded yesterday hit at least one of these areas (Dwarf_Abbrev) but maybe not others. OTOH you don't need fuzzing to hit these areas if you already know they are problematic. Fuzzing is more interesting when it uncovers something unexpected.

> Sorry there were so many changes. But sadly there were a lot of
> crashers. I hope we got them all. And some of yours needed some more
> general fixes that needed some discussion. But those patches are now
> finally all in.

The amount of fixes is not something to be sorry about, it's something to be proud of:-)

But it would be nice to have an idea which commits fix which crashes. Your first commit (d0070a9) included Reported-by: -- thanks! But it was the only such commit, then it was not clear whether you fix further crashes from the same bunch or fix completely different crashes.

I guess I can formulate two wishes now:

- to include Reported-by: tag in your commits (to make it possible to track progress and as a credit);
- to let me know when it's reasonable to start next round of fuzzing.

[skip]

>> Further fuzzing found 3 crashes in readelf. Not sure if you want to look
>> into them now.
>
> Yes, please do add them to the "fuzzer crash bug":
> https://bugzilla.redhat.com/show_bug.cgi?id=1170810

Done.

> Sorry if they don't get immediately fixed for 0.161. But the release
> should already have happened and I like to include just some testsuite
> cleanups and get it shipped, before continuing with more work.

Sure, trying to fix everything will postpone the release indefinitely:-(

-- 
Alexander Cherepanov