Hi Ben, my understanding is that they bring up two different problems.

For https://bugzilla.redhat.com/show_bug.cgi?id=1467004 (Hash Function) the argument is that shift operations and overflows are undefined or implementation dependent for signed integers as used in the hash function:
https://www.securecoding.cert.org/confluence/display/c/INT13-C.+Use+bitwise+operators+only+on+unsigned+operands
Shifting a negative number is "bad" by that definition, and that is what they checked. But when looking at the code, isn't there a problem when a pointer is cast to an integer on 64-bit platforms, because the pointer is 64 bit and the integer is 32 bit in hash_pointer? Wouldn't we want to have a hash based on the 64 bits, as for hash_double?

For https://bugzilla.redhat.com/show_bug.cgi?id=1467005 (crash on CSV conversion) they managed to generate a file which results in a crash when analyzed. Although pspp still gives an error message that something is wrong in the file...

Friedrich

> On 04.07.2017 at 15:27, Ben Pfaff <b...@cs.stanford.edu> wrote:
>
> The attribution of the problem to the hash function is probably wrong,
> since that function is purely combinatorial logic, but the report as a
> whole is right because the attachment in the bug report at
> https://bugzilla.redhat.com/show_bug.cgi?id=1467004 does cause
> pspp-convert to assert-fail.
>
> I'm looking into it.
>
> On Mon, Jul 03, 2017 at 08:50:56PM +0200, John Darrington wrote:
>> I suspect this report is mistaken. But this bit is Ben's code, so I'll let
>> him comment on that.
>>
>> J'
>>
>> On Mon, Jul 03, 2017 at 07:22:57AM +0200, Friedrich Beckmann wrote:
>> Dear owl337 team,
>>
>> thanks for looking at pspp and finding the security problems
>>
>> https://security-tracker.debian.org/tracker/CVE-2017-10791
>>
>> and
>>
>> https://security-tracker.debian.org/tracker/CVE-2017-10792
>>
>> in pspp! Your reports are quite detailed. Could you describe how you
>> found the problems, i.e. do you have some information about collAFL?
>>
>> Regards
>>
>> Friedrich
>>
>> _______________________________________________
>> pspp-dev mailing list
>> pspp-...@gnu.org
>> https://lists.gnu.org/mailman/listinfo/pspp-dev
>>
>> --
>> Avoid eavesdropping. Send strong encrypted email.
>> PGP Public key ID: 1024D/2DE827B3
>> fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
>> See http://sks-keyservers.net or any PGP keyserver for public key.
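The following is an added illustration of the two points raised in the message above, the INT13-C rule against shifting signed operands and the question of a 64-bit pointer being narrowed to a 32-bit integer before hashing. It is not PSPP's code: the mixer `mix32`, its constants, the function names `hash_pointer_truncated` and `hash_pointer_full`, and the two address values are all constructed for this example and do not claim to match `hash_int` or `hash_pointer` in libpspp.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 32-bit mixing function, not PSPP's hash_int. Every operand is
   unsigned, as INT13-C asks, so the shifts are logical and the multiplications
   wrap modulo 2^32; no input can trigger undefined or implementation-defined
   behaviour. Each step is invertible (xor with a constant, xor-shift, multiply
   by an odd constant), so for a fixed basis distinct inputs never collide. */
uint32_t
mix32 (uint32_t x, uint32_t basis)
{
  x ^= basis;
  x ^= x >> 16;
  x *= 0x7feb352dU;
  x ^= x >> 15;
  x *= 0x846ca68bU;
  x ^= x >> 16;
  return x;
}

/* INT13-C in one line: convert to unsigned before shifting. For a negative
   int, "x >> 16" is implementation-defined and "x << 16" is undefined; on the
   unsigned conversion the result is fixed by the standard. */
uint32_t
shr16_unsigned (int32_t x)
{
  return (uint32_t) x >> 16;
}

/* The pattern the mail asks about: the address is narrowed to 32 bits before
   hashing, so on an LP64 platform only the low half of the pointer
   contributes. Addresses are passed as uint64_t so the example does not
   depend on the pointer width of the machine it is compiled on. */
uint32_t
hash_pointer_truncated (uint64_t addr, uint32_t basis)
{
  return mix32 ((uint32_t) addr, basis);
}

/* Alternative that folds both halves in. On a 32-bit target the high word is
   zero and the result is one extra mixing round over the low word. */
uint32_t
hash_pointer_full (uint64_t addr, uint32_t basis)
{
  uint32_t lo = (uint32_t) addr;
  uint32_t hi = (uint32_t) (addr >> 32);
  return mix32 (lo ^ mix32 (hi, basis), basis);
}

/* Two constructed addresses (never dereferenced) that share their low 32 bits
   and differ only above bit 31. */
#define ADDR_A UINT64_C(0x00007f0000001000)
#define ADDR_B UINT64_C(0x00007f0100001000)

/* Returns 1: the narrowing cast throws away the only bits that differ. */
int
truncated_hash_collides (void)
{
  return hash_pointer_truncated (ADDR_A, 17) == hash_pointer_truncated (ADDR_B, 17);
}

/* Returns 1: mix32 is injective, so different high words give different hashes. */
int
full_hash_distinguishes (void)
{
  return hash_pointer_full (ADDR_A, 17) != hash_pointer_full (ADDR_B, 17);
}

int
main (void)
{
  printf ("truncated: %08x %08x collide=%d\n",
          hash_pointer_truncated (ADDR_A, 17),
          hash_pointer_truncated (ADDR_B, 17), truncated_hash_collides ());
  printf ("full:      %08x %08x distinct=%d\n",
          hash_pointer_full (ADDR_A, 17),
          hash_pointer_full (ADDR_B, 17), full_hash_distinguishes ());
  printf ("(uint32_t)-1 >> 16 = %04x\n", shr16_unsigned (-1));
  return 0;
}
```

The collision shown here only affects hash distribution, not memory safety, which is consistent with Ben's remark that a purely combinatorial hash function cannot by itself be the cause of the assertion failure in the bug report.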