oss-security - multiple crashes in radare2/radiff2

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Date: Thu, 8 Sep 2016 17:34:09 +0300
From: Vahagn Vardanyan <vvvaagn@...il.com>
To: oss-security@...ts.openwall.com
Subject: multiple crashes in radare2/radiff2

Hi there

I created report
https://bugs.chromium.org/p/project-zero/issues/detail?id=933&can=1&q=&sort=-id
but got invalid status, Tavis Ormandy recommend for I will resend to
this email :-)

Please tell how I can send crashes archive, thank you


Radare2 (https://github.com/radare/radare2) is a complete framework
for reverse-engineering and analyzing binaries. Radare2 use
Radare2 also have radiff2 tools, which use can compare 2 binary files.

Usage: radiff2 [-abcCdjrspOxvV] [-g sym] [-t %] [file] [file]

With use afl & address-sanitize founded multiple crashes (crashes.zip)
and small test is a small_test


for test it, I wrote small program

/* hello.c */
#include <stdio.h>

int main (void)
{
	printf ("Hello World\n");
}

compile it with

clang hello.c

and get a.out file.

for reproduce need call radiff2 with next parameters
./radiff2 -g sym a.out 	small_test

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.