Call for testing: elftoolchain tools
Allan Jude
allanjude at freebsd.org
Thu Dec 18 20:21:43 UTC 2014
On 2014-12-18 15:02, Ed Maste wrote:
> On 18 December 2014 at 11:53, Pedro Giffuni <pfg at freebsd.org> wrote:
>> test the tools with a fuzzer like security/afl
>
> Yes, a very good idea, especially for strings(1) given the way it is
> often used. I've already found a strings crash with afl.
> _______________________________________________
> freebsd-current at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe at freebsd.org"
>
I cam across this not that long ago:
http://lcamtuf.blogspot.ca/2014/10/psa-dont-run-strings-on-untrusted-files.html
Our strings didn't crash with his proof of concept, but there may be
other similar bugs
--
Allan Jude
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 834 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-current/attachments/20141218/33a5e82f/attachment.sig>
More information about the freebsd-current
mailing list