Re: [Axiom-developer] [Mayhem] Bug report on axiom-graphics: view2d crashes with exit status 139
Thu, 17 Jul 2014 18:31:25 -0400
> > It appears that Brumley's team is fuzzing the input to the graphics
> > portion of Axiom, likely as an effort to find security holes. I used
> > to work at CMU/CERT and am currently active in the security field.
> > Actually, I'm kind of pleased that they got it to run considering our
> > last exchange about gcc no longer working with the legacy C code.
> > Perhaps I need to get David's gcc list of switches :-)
> Just a clarification here, the view2d.c problem is mac specific, to my
> knowledge. Linux is fine.
If Brumley is fuzzing then the problem he is finding (it looks like he
is "forcing AA"s) is that the input stream is not properly handling
overlong input (scanf? strcpy?). So the problem would be generic.
I do this in my pentesting work. I know how to fix it but I want to
concentrate on several other fronts first.
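The overlong-input hazard the message speculates about (an unbounded `scanf` `%s` or `strcpy` writing past a fixed buffer, which a fuzzer's run of `A`s turns into the SIGSEGV behind exit status 139) and its bounded counterpart, as an added C example that is not Axiom's view2d.c code and not from anyone on this thread. It assumes a hypothetical line-oriented command stream of the form `<keyword> <number>`; the names `parse_cmd_line`, `read_cmd`, `count_accepted` and the sample input are constructed for the illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <stdio.h>
#include <string.h>

/* Added example, not code from Axiom's view2d.c. It assumes a hypothetical
 * line-oriented command stream of the form "<keyword> <number>". */

#define KEYWORD_MAX 32    /* longest keyword accepted, excluding the NUL */
#define LINE_BUF    128   /* fgets() buffer; lines that do not fit are rejected */

enum { CMD_OK = 0, CMD_EOF = 1, CMD_BAD = -1, CMD_OVERLONG = -2 };

struct cmd {
    char keyword[KEYWORD_MAX + 1];
    long value;
};

/* The fragile pattern the thread speculates about (never called here):
 *
 *   char keyword[KEYWORD_MAX + 1];
 *   sscanf(line, "%s %ld", keyword, &value);   // %s has no width limit
 *   strcpy(out->keyword, keyword);              // no length check
 *
 * A token longer than KEYWORD_MAX writes past keyword[], which is how a
 * run of "AAAA..." from a fuzzer ends in SIGSEGV (exit status 139). */

/* Parse one line into *out. The %33s width (KEYWORD_MAX + 1) caps what
 * sscanf writes; reading one byte more than we accept lets us tell
 * "exactly 32 chars" from "33 or more", so overlong keywords are rejected
 * instead of silently truncated. */
int parse_cmd_line(const char *line, struct cmd *out)
{
    char kw[KEYWORD_MAX + 2];   /* KEYWORD_MAX + 1 chars plus the NUL */
    long value;

    if (sscanf(line, "%33s %ld", kw, &value) != 2)
        return CMD_BAD;
    if (strlen(kw) > KEYWORD_MAX)
        return CMD_BAD;             /* keyword too long: reject, do not copy */

    memcpy(out->keyword, kw, strlen(kw) + 1);   /* fits: length was checked */
    out->value = value;
    return CMD_OK;
}

/* Read one line with fgets(), bounded by sizeof line. A line that did not
 * fit is drained up to its newline and rejected as a unit, so its leftover
 * bytes are never misread as the next command. */
int read_cmd(FILE *in, struct cmd *out)
{
    char line[LINE_BUF];

    if (fgets(line, sizeof line, in) == NULL)
        return CMD_EOF;
    if (strchr(line, '\n') == NULL) {
        int ch = fgetc(in);
        if (ch != EOF) {            /* more of this line remains: overlong */
            while (ch != EOF && ch != '\n')
                ch = fgetc(in);
            return CMD_OVERLONG;
        }
        /* ch == EOF: the final line simply lacked a trailing newline */
    }
    return parse_cmd_line(line, out);
}

/* Run the reader over an in-memory stream; returns the number of accepted
 * commands and sums their values. Bad and overlong lines are skipped. */
int count_accepted(const char *text, long *sum)
{
    FILE *in = fmemopen((void *)text, strlen(text), "r");
    struct cmd c;
    int rc, accepted = 0;

    if (in == NULL)
        return -1;
    *sum = 0;
    while ((rc = read_cmd(in, &c)) != CMD_EOF) {
        if (rc == CMD_OK) {
            accepted++;
            *sum += c.value;
        }
    }
    fclose(in);
    return accepted;
}

/* Constructed sample input (not real viewport traffic): a good line, a
 * 200-byte run of 'A' that overflows the line buffer, a 40-byte keyword
 * that fits the line but not keyword[], and a final good line. */
const char *sample_stream(void)
{
    static char buf[512];
    char run_a[201], run_b[41];

    memset(run_a, 'A', 200); run_a[200] = '\0';
    memset(run_b, 'B', 40);  run_b[40] = '\0';
    snprintf(buf, sizeof buf, "move 42\n%s 7\n%s 5\nzoom 3\n", run_a, run_b);
    return buf;
}

int main(void)
{
    long sum;
    int n = count_accepted(sample_stream(), &sum);
    printf("accepted %d commands, value sum %ld\n", n, sum);   /* 2, 45 */
    return 0;
}
```

The two checks are deliberately separate: the `fgets` size bounds how much of the stream one line may occupy, and the `%33s` width plus the explicit `strlen` test bounds how much of that line may land in `keyword[]`. Either limit alone leaves a path for an overlong token to reach an unbounded copy.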