Message-ID: <4872af878d0c7c20e22cce802ad19f0258ce9716.camel@lsferreira.net>
Subject: Re: [PATCH] libiberty: prevent buffer overflow when decoding user input
From: Luís Ferreira
To: Iain Buclaw, Eric Gallager
Cc: gcc-patches, Jeff Law
Date: Fri, 08 Oct 2021 18:08:52 +0100
In-Reply-To: <1633711888.gc0v938ufz.astroid@galago.none>

On Fri, 2021-10-08 at 18:52 +0200, Iain Buclaw wrote:
> Excerpts from Luís Ferreira's message of October 7, 2021 8:29 pm:
> > On Tue, 2021-10-05 at 21:49 -0400, Eric Gallager wrote:
> > >
> > > I can help with the autotools part if you can say how precisely
> > > you'd like to use them to add address sanitization.
> > > And as for the OSS fuzz part, I think someone tried setting up
> > > auto-fuzzing for it once, but the main bottleneck was getting the
> > > bug reports that it generated properly triaged, so if you could
> > > make sure the bug-submitting portion of the process is properly
> > > streamlined, that'd probably go a long way towards helping it be
> > > useful.
> >
> > Bugs are normally reported by email or mailing list. Is there any
> > writable mailing list to publish bugs or is it strictly needed to
> > open an entry on bugzilla?
> >
>
> Please open an issue on bugzilla, fixes towards it can then be
> referenced in the commit message/patch posted here.
>
> Iain.

You mean for this current issue? The discussion was about future bug
reports reported by the OSS fuzzer workers. I can also open an issue on
the bugzilla for this issue, please clarify it and let me know :)

--
Sincerely,
Luís Ferreira @ lsferreira.net