Hi Alexander,
On Mon, Dec 29, 2014 at 06:16:45AM +0300, Alexander Cherepanov wrote:
> We start with a bunch of samples.
>
> The first step is to pick distinct bugs. You do it when you fix issues.
> Let's assume for now that one commit == one bug. Then for every bug...
>
> It's nice to document w
On 2014-12-05 11:58, Mark Wielaard wrote:
We don't specifically track any security issues, we just treat them as bugs
to be fixed and do a new release when enough/important bugs have been fixed.
There have been people who have filed CVEs against elfutil bugs though.
I don't have any experience with
On Mon, Dec 22, 2014 at 01:20:24AM +0300, Alexander Cherepanov wrote:
> But it would be nice to have an idea which commits fix which crashes. Your
> first commit (d0070a9) included Reported-by: -- thanks! But it was the only
> such commit, then it was not clear whether you fix further crashes from
On 2014-12-19 03:13, Mark Wielaard wrote:
On Thu, 2014-12-18 at 21:15 +0300, Alexander Cherepanov wrote:
Thanks. I'll try to reproduce them soon. But without a general leb128
length check fix using eu-readelf -w might be somewhat unreliable (and
this also might impact -e/--exceptions).
There a
On Thu, 2014-12-18 at 21:15 +0300, Alexander Cherepanov wrote:
> > Thanks. I'll try to reproduce them soon. But without a general leb128
> > length check fix using eu-readelf -w might be somewhat unreliable (and
> > this also might impact -e/--exceptions).
>
> There are many patches flowing and it
On 2014-12-08 11:52, Mark Wielaard wrote:
On Mon, 2014-12-08 at 06:06 +0300, Alexander Cherepanov wrote:
On 2014-12-05 11:58, Mark Wielaard wrote:
Yes, that is true. I have been using afl. And it is good to throw some
other fuzzers at it. The reason you are so successful is because till
now w
On Mon, 2014-12-08 at 10:14 +0100, Mark Wielaard wrote:
> On Mon, 2014-12-08 at 04:01 +0300, Alexander Cherepanov wrote:
> > On 2014-12-04 19:03, Mark Wielaard wrote:
> > > Good news, the asserts from readelf-asserts.tar.gz don't trigger anymore
> > > and the command seems to run fine.
> >
> > Sor
On Mon, 2014-12-08 at 04:01 +0300, Alexander Cherepanov wrote:
> On 2014-12-04 19:03, Mark Wielaard wrote:
> > Good news, the asserts from readelf-asserts.tar.gz don't trigger anymore
> > and the command seems to run fine.
>
> Sorry, I'm still seeing "readelf: readelf.c:7751:
> print_debug_except
On Mon, 2014-12-08 at 06:06 +0300, Alexander Cherepanov wrote:
> On 2014-12-05 11:58, Mark Wielaard wrote:
> > Yes, that is true. I have been using afl. And it is good to throw some
> > other fuzzers at it. The reason you are so successful is because till
> > now we concentrated on readelf and lib
On 2014-12-05 11:58, Mark Wielaard wrote:
On Fri, 2014-12-05 at 02:10 +0300, Alexander Cherepanov wrote:
On 2014-12-04 17:27, Mark Wielaard wrote:
But I found that using such broad coverage makes the search space for the
fuzzer really, really big. It can take days for the fuzzer to generate a
s
On 2014-12-04 19:03, Mark Wielaard wrote:
On Thu, 2014-12-04 at 15:27 +0100, Mark Wielaard wrote:
Thanks! We have been fixing various issues the last couple of weeks
and I just pushed some of my fixes to git master. So if you could retry
against the very latest git checkout that would be very helpf
On Fri, 2014-12-05 at 02:10 +0300, Alexander Cherepanov wrote:
> On 2014-12-04 17:27, Mark Wielaard wrote:
> > But I found that using such broad coverage makes the search space for the
> > fuzzer really, really big. It can take days for the fuzzer to generate a
> > somewhat valid data for some of t
On 2014-12-04 17:27, Mark Wielaard wrote:
[skip]
BTW. It is helpful to know which architecture you are running on. Some
issues only show on a 32bit architecture trying to parse a 64bit ELF file,
or on little/big endian systems parsing a different endian ELF file.
Yes, sorry, I'm using amd64 now
On Thu, 2014-12-04 at 15:27 +0100, Mark Wielaard wrote:
> Thanks! We have been fixing various issues the last couple of weeks
> and I just pushed some of my fixes to git master. So if you could retry
> against the very latest git checkout that would be very helpful.
> I'll run your crashers locally ag
Hi Alexander,
On Wed, Dec 03, 2014 at 06:16:29PM +0300, Alexander Cherepanov wrote:
> [Please Cc me, I'm not subscribed.]
BTW. Your message didn't hit my INBOX for some reason.
Even though it does appear in the archives:
https://lists.fedorahosted.org/pipermail/elfutils-devel/2014-December/004346
15 matches