Date: Fri, 20 Mar 2015 17:06:18 -0700 From: Konstantin Serebryany <konstantin.s.serebryany@...il.com> To: Konstantin Serebryany <konstantin.s.serebryany@...il.com>, musl@...ts.openwall.com Subject: Re: buffer overflow in regcomp and a way to find more of those On Fri, Mar 20, 2015 at 4:52 PM, Szabolcs Nagy <nsz@...t70.net> wrote: > * Konstantin Serebryany <konstantin.s.serebryany@...il.com> [2015-03-20 13:17:47 -0700]: >> Following the discussion at the glibc mailing list >> (https://sourceware.org/ml/libc-alpha/2015-03/msg00662.html) >> I've tried to fuzz musl regcomp and the first bug popped up quickly. >> Please let me know if you would be interested in adding the fuzzer >> (http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/README.txt?view=markup) >> to the musl testing process. >> > > (now with correct To: header) > > > (1) the clean approach would be to have a way to build an > instrumented libc and a separate set of test cases for > various libc apis that the fuzzer could use. Correct. Building libc.a is simple: CC="clang -fsanitize=address -fsanitize-coverage=3 " ./configure && make -j But then I don't know how to properly link libc.a to a test case. How do you usually link tests with libc.a on x86_64 linux? > > (2) the other approach is to cut parts of the libc out > (the parsers often don't depend on too much libc internals) > and build them with whatever runtime the fuzzer needs That's exactly what I did. Not optimal, I agree. > > the question is how hard it is to do (1) ? > > i assume asan is non-trivial to set up for that (or is it > enough to replace malloc calls? and some startup logic?) asan replaces malloc and a few more libc functions. It works with various different libcs, so there is a good chance that it will work here with no or minimal changes. > > at first it is ok if the fuzzer only catches crashing bugs > so if that's easy to do i'd go for that. > > for (1) i can write the test cases and adjust the musl build > system, but i dont know how much difficulty should i expect > > thanks
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.