Dear all, During fuzzing, we found one use-after-free in tac and one invalid-loading-of-value in tail. Interestingly, these errors can be observed only when stdin is externally closed but internally
Dear all, The following execution is flagged by UBSAN as undefined behaviour: $ echo 0 > a; printf "%0.s0" {1..58} >> a $ ./sort -R a So, the root cause might actually be in GNULIB. The bug was found
Dear all, The following input to PR does not crash the program but ASAN reports a buffer overflow. The bug was found with AFLFast, a fork of AFL. Thanks also to Van-Thuan Pham. $ echo a > a $ pr "-S$
Dear all, The following produces a crash for the version in trunk and preinstalled version 8.21 on Ubuntu 14.04 x86_64. Below is also a heap-buffer-overflow that doesn’t actually crash but is flagged
Dear all, We are running small 1h fuzzing sessions with AFLFast, a fork of AFL. We’ll be reporting each found bug separately. On Coreutils v8.25 and trunk, the following input crashes. Option -n wa
Dear all, The following input crashes the od utility 3 out of 10 times. Seems to depend on startup timing: Couldn’t reproduce it within GDB or Valgrind. Not sure if it's a bug in GNULIB (ftoastr.c)
Dear all, There is an integer overflow in pr.c:1880 which results in memory exhaustion. The bug was found with AFLFast, a fork of AFL. How to reproduce: $ pr -l55555555 -5 I was actually fuzzing Core
Hi Pádraig, I can reproduce the crash on Ubuntu 14.04 x86_64 with preinstalled od version 8.21 and the version in trunk. $ /lib/x86_64-linux-gnu/libc.so.6 GNU C Library (Ubuntu EGLIBC 2.19-0ubuntu6.
Dear Mr. Meyering, If adding me to THANKS, could you kindly point to: http://www.comp.nus.edu.sg/~mboehme instead of my (spam) email address? Thank you very much indeed! Great work! Best regards, Mar
Dear Paul, Then, I suppose, the observed semantic change for the mentioned version pair was _intended_. Found it odd that I didn't find documented that / why length modifiers are 'suddenly' ignored.
tags 13555 notabug close 13555 stop (triaging old bugs) Hello, Thanks for your follow-up! With no further comments in 5 years, I'm closing this bug. -assaf
Pádraig already listed your name and URL for your seq report, so the addition (with your email address) in my change-set can simply be removed. Thank you for finding/reporting all of those bugs.