Steve Lynch <astephenly...@gmail.com> writes:
> Hi,
>
> I've been using afl (http://lcamtuf.coredump.cx/afl/) on the standalone
> glsl compiler.
>
> It found four different crashes in the latest code in master and I have
> minimised the test cases that cause the crashes. I spent a couple of hours
> poking around but haven't managed to fix any of the issues.
>
> Is anyone interested in the generated test data set?
>
> I haven't filed the defects yet but from what I can see some of the tests
> give control over a pointer that gets dereferenced. I've got no idea if
> they are exploitable but thought I should check that these should still go
> on the public bug list.
That's great! Fuzzing the compiler is something I've wished someone had the time for for a long time. Public bug list sounds fine to me -- we don't embargo other segfaults (nor do I think we should). The best way to report it would be to make piglit tests out of them -- check out something like tests/spec/glsl-1.10/compiler/version-macro.frag (compile only) or tests/spec/glsl-1.10/execution/fs-bool-less-compare-false.shader_test (compile, link, and draw) for examples to work from.
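For a fuzzer-found compiler crash, the compile-only piglit form pointed at above is the natural fit. The file below is an added illustration of that format, not a test from this thread, from piglit or from the reporter: the shader body is a constructed placeholder (the four minimised cases are not on this page), and the header keys shown are the ones glslparsertest reads from the leading comment block.

```glsl
// [config]
// expect_result: fail
// glsl_version: 1.10
// [end config]
//
// Added example of a compile-only piglit test; it is not one of the
// reporter's minimised cases, which do not appear on this page.
//
// Dropped into tests/spec/glsl-1.10/compiler/, this file is compiled by
// glslparsertest and the outcome compared with expect_result. A segfault
// or other abnormal exit is reported as "crash" whatever expect_result
// says, so the test fails until the compiler stops crashing on the input,
// which is exactly the regression a fuzzer finding should pin down.
//
// The body is a constructed, deliberately ill-formed shader so that a
// healthy compiler rejects it with a diagnostic (hence expect_result:
// fail) rather than accepting it; for a real minimised case, set
// expect_result to whatever the GLSL spec says about that input.

void main()
{
	float f;
	f = vec4(1.0);              /* type mismatch: vec4 assigned to float */
	gl_FragColor = vec4(f);
}
```

To run it by hand from a piglit build: `bin/glslparsertest tests/spec/glsl-1.10/compiler/<name>.frag fail 1.10`. If the crash only reproduces when the shader is linked or drawn, use the .shader_test form from the execution directory instead (a `[require]` block with `GLSL >= 1.10`, `[vertex shader]` and `[fragment shader]` sections, and a `[test]` section with `draw rect` and `probe` commands), run via `bin/shader_runner`.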
mesa-dev mailing list
mesa-dev@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/mesa-dev