On Tue, 2021-10-05 at 21:49 -0400, Eric Gallager wrote: > On Tue, Oct 5, 2021 at 1:28 PM Luís Ferreira <cont...@lsferreira.net> > wrote: > > > > On Tue, 2021-10-05 at 09:00 -0600, Jeff Law wrote: > > > > > > > > > On 10/4/2021 10:52 AM, Luís Ferreira wrote: > > > > On Thu, 2021-09-23 at 09:50 -0600, Jeff Law wrote: > > > > > > > > > > On 9/23/2021 4:16 AM, ibuclaw--- via Gcc-patches wrote: > > > > > > > On 22/09/2021 03:10 Luís Ferreira > > > > > > > <cont...@lsferreira.net> > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > Currently a stack/heap overflow may happen if a crafted > > > > > > > mangle is > > > > > > > maliciously used to cause denial of service, such as > > > > > > > intentional > > > > > > > crashes > > > > > > > by accessing a reserved memory space. > > > > > > > > > > > > > Hi, > > > > > > > > > > > > Thanks for this. Is there a test that could trigger this > > > > > > code > > > > > > path? > > > > > I don't think Luis has commit privs, so I went ahead and > > > > > committed > > > > > this > > > > > patch. > > > > > > > > > > Yea, a testcase would be great. > > > > > > > > > > Jeff > > > > > > > > > Does the test suite runned against address sanitization? if > > > > yes, I > > > > can > > > > submit a patch to make this fail, otherwise it is hard to > > > > trigger a > > > > consistent crash for this issue. > > > Unfortunately, no it doesn't run with sanitization. If it's too > > > painful > > > to create a test, don't worry about it. It happens from time to > > > time. > > > > > > jeff > > > > I would like to add address sanitization if I knew how GCC > > autotools > > work but I think this is a better fit when I invest some time > > implementing something to OSS fuzz and build some infrastructure > > for > > fuzzing parts of the GCC. > > > > I can help with the autotools part if you can say how precisely you'd > like to use them to add address sanitization. And as for the OSS > fuzz part, I think someone tried setting up auto-fuzzing for it once, > but the main bottleneck was getting the bug reports that it generated > properly triaged, so if you could make sure the bug-submitting > portion > of the process is properly streamlined, that'd probably go a long way > towards helping it be useful.
Bugs are normally reported by email or mailing list. Is there any writable mailing list to publish bugs or is it strictly needed to open an entry on bugzilla? -- Sincerely, Luís Ferreira @ lsferreira.net
signature.asc
Description: This is a digitally signed message part
