Date: Sat, 21 Mar 2015 01:26:16 +0100
From: Szabolcs Nagy <>
Cc: Konstantin Serebryany <>
Subject: Re: buffer overflow in regcomp and a way to find more of those

* Konstantin Serebryany <> [2015-03-20 17:06:18 -0700]:
> On Fri, Mar 20, 2015 at 4:52 PM, Szabolcs Nagy <> wrote:
> > * Konstantin Serebryany <> [2015-03-20 13:17:47 -0700]:
> >> Following the discussion at the glibc mailing list
> >> (
> >> I've tried to fuzz musl regcomp and the first bug popped up quickly.
> >> Please let me know if you would be interested in adding the fuzzer
> >> (
> >> to the musl testing process.
> >>
> >
> > (now with correct To: header)
> >
> >
> > (1) the clean approach would be to have a way to build an
> > instrumented libc and a separate set of test cases for
> > various libc apis that the fuzzer could use.
> Correct. Building libc.a is simple:
> CC="clang -fsanitize=address -fsanitize-coverage=3 " ./configure && make -j
> But then I don't know how to properly link libc.a to a test case.
> How do you usually link tests with libc.a on x86_64 linux?

We have a musl-gcc script for when the compiler is gcc (it uses
a simple spec file to set things up). I don't know what the
equivalent mechanism is in the clang world, but I think one
can create a simple script based on the first version of

The test system does not know about toolchain details;
the user has to provide whatever compiler wrapper script
is needed to make things work.

But I think I won't try to integrate this into our libc-test
right away. libc-test is designed to test a POSIX libc with
minimal assumptions or external dependencies
(the testing process of musl is not very formal or automated
yet anyway).

> > the question is how hard it is to do (1) ?
> >
> > i assume asan is non-trivial to set up for that (or is it
> > enough to replace malloc calls? and some startup logic?)
> asan replaces malloc and a few more libc functions.
> It works with various different libcs, so there is a good chance that
> it will work here with no or minimal changes.

OK, I'll try it.
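
The harness below is an added example written for this page; it is not the fuzzer Konstantin links above, nor code from the musl or glibc trees. It shows the shape of the "separate set of test cases for various libc APIs" the thread asks for, in libFuzzer form, for regcomp(): the first input byte selects the compile flags so that one corpus reaches both the BRE and ERE parsers, the pattern is copied into a heap buffer whose NUL terminator is its last byte so that any read past the pattern lands in an ASan redzone, and regfree() is only called after a successful regcomp(). The clang flags in the header comment and the macro name REGCOMP_FUZZ_LIBFUZZER are assumptions; the musl-gcc-style wrapper needed to link against an instrumented libc.a is the part the thread leaves open and is not supplied here.

```c
/* Added example (not the fuzzer referenced in the thread): a libFuzzer-style
 * harness for regcomp().
 *
 * Assumed build commands (standard clang flags, not taken from the page):
 *   fuzzing:  clang -fsanitize=address,fuzzer -DREGCOMP_FUZZ_LIBFUZZER \
 *                   regcomp_fuzz.c -o regcomp_fuzz
 *   replay:   clang -fsanitize=address regcomp_fuzz.c -o regcomp_replay
 *             ./regcomp_replay crash-<hash>
 * -DREGCOMP_FUZZ_LIBFUZZER drops the main() below, since libFuzzer provides
 * its own.  Linking against an ASan-instrumented musl libc.a additionally
 * needs a musl-gcc-style wrapper that substitutes musl's headers, crt files
 * and libc.a for the host ones. */
#include <regex.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Map the first input byte to regcomp() flags so one corpus exercises the
 * BRE and ERE parsers as well as the REG_ICASE/REG_NEWLINE/REG_NOSUB paths. */
int flags_from_byte(uint8_t b)
{
    int cflags = 0;
    if (b & 1) cflags |= REG_EXTENDED;
    if (b & 2) cflags |= REG_ICASE;
    if (b & 4) cflags |= REG_NEWLINE;
    if (b & 8) cflags |= REG_NOSUB;
    return cflags;
}

/* Compile one pattern and return regcomp()'s result (0 = success, otherwise
 * a REG_E* code).  The pattern is copied into a heap buffer of exactly len+1
 * bytes: the NUL terminator is the last byte, so a parser that reads past
 * the end of the pattern hits an ASan redzone and is reported. */
int compile_pattern(const uint8_t *data, size_t len, int cflags)
{
    char *pat = malloc(len + 1);
    if (!pat)
        return REG_ESPACE;
    memcpy(pat, data, len);
    pat[len] = '\0';

    regex_t re;
    int rc = regcomp(&re, pat, cflags);
    if (rc == 0)
        regfree(&re);   /* only valid after a successful regcomp() */
    free(pat);
    return rc;
}

/* libFuzzer entry point: byte 0 selects the flags, the rest is the pattern. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    if (size == 0)
        return 0;
    compile_pattern(data + 1, size - 1, flags_from_byte(data[0]));
    return 0;   /* libFuzzer expects 0; memory errors are reported by ASan */
}

#ifndef REGCOMP_FUZZ_LIBFUZZER
/* Stand-alone mode: replay files (for example libFuzzer crash-* artifacts)
 * through the same entry point, or with no arguments run a few constructed
 * sample patterns so the harness can be smoke-tested without libFuzzer. */
static int replay_file(const char *path)
{
    FILE *f = fopen(path, "rb");
    if (!f) {
        perror(path);
        return 1;
    }
    static uint8_t buf[1 << 16];
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    LLVMFuzzerTestOneInput(buf, n);
    return 0;
}

int main(int argc, char **argv)
{
    if (argc > 1) {
        int status = 0;
        for (int i = 1; i < argc; i++)
            status |= replay_file(argv[i]);
        return status;
    }
    /* Constructed samples: valid, unbalanced '(', unbalanced '[', trailing '\' */
    const char *samples[] = { "abc", "a(b", "a[b", "a\\" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = compile_pattern((const uint8_t *)samples[i],
                                 strlen(samples[i]), REG_EXTENDED);
        printf("%-4s -> regcomp rc %d\n", samples[i], rc);
    }
    return 0;
}
#endif
```

The replay path matters in practice: once the fuzzer writes a crash file, the same binary rebuilt without -fsanitize=fuzzer reproduces it deterministically under ASan, which is what you attach to a bug report against the libc.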
