Date: Thu, 09 Jul 2015 17:37:55 +0300 From: Alexander Cherepanov <ch3root@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: How serious is undefined behavior? On 2015-07-06 19:17, Hanno Böck wrote: > Would people think it's a wise idea to put a lot of effort into testing > applications with ubsan enabled and reporting all the bugs that pop up? I think the situation is the same as with other bugs -- it depends on the project. I would report them if the application in question is in a good shape. Otherwise I would start with crashes. My experience in fuzzing binutils and elfutils with ubsan was quite positive. It was easy to integrate it into my workflow and all reported issues were promptly fixed by the maintainers.  reports with ubsan start at https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c196 https://sourceware.org/bugzilla/show_bug.cgi?id=17531#c82  reports with ubsan start at https://bugzilla.redhat.com/show_bug.cgi?id=1170810#c29 -- Alexander Cherepanov
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ