Re: [Mesa-dev] Fuzz testing the stand alone glsl compiler

2015-10-20 Thread Eric Anholt 
Steve Lynch  writes:

> Hi,
>
> I've been using afl (http://lcamtuf.coredump.cx/afl/) on the standalone
> glsl compiler.
>
> It found four different crashes in the latest code in master and I have
> minimised the test cases that cause the crashes. I spent a couple of hours
> poking around but haven't managed to fix any of the issues.
>
> Is any one interested in the generated test data set?
>
> I haven't filed the defects yet but from what I can see some of the tests
> give control over a pointer that gets dereferenced. I've got no idea if
> they are exploitable but thought I should check that these should still go
> on the public bug list.

That's great!  Fuzzing the compiler is something I've wished someone had
the time for for a long time.

Public bug list sounds fine to me -- we don't embargo other segfaults
(nor do I think we should).  The best way to report it would be to make
piglit tests out of them -- check out something like
tests/spec/glsl-1.10/compiler/version-macro.frag (compile only) or
tests/spec/glsl-1.10/execution/fs-bool-less-compare-false.shader_test
(compile, link, and draw) for examples to work from.


signature.asc
Description: PGP signature
___
mesa-dev mailing list
mesa-dev@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/mesa-dev

[Mesa-dev] Fuzz testing the stand alone glsl compiler

2015-10-17 Thread Steve Lynch 
Hi,

I've been using afl (http://lcamtuf.coredump.cx/afl/) on the standalone
glsl compiler.

It found four different crashes in the latest code in master and I have
minimised the test cases that cause the crashes. I spent a couple of hours
poking around but haven't managed to fix any of the issues.

Is any one interested in the generated test data set?

I haven't filed the defects yet but from what I can see some of the tests
give control over a pointer that gets dereferenced. I've got no idea if
they are exploitable but thought I should check that these should still go
on the public bug list.

Cheers,

Steve
___
mesa-dev mailing list
mesa-dev@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/mesa-dev