[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Security] gpsd integration in oss-fuzz infrastructure
|
From: |
Gary E. Miller |
|
Subject: |
Re: [Security] gpsd integration in oss-fuzz infrastructure |
|
Date: |
Sun, 18 Sep 2022 10:37:38 -0700 |
Yo Arjun!
On Sun, 18 Sep 2022 17:43:37 +0530
Arjun singh <ajsinghyadav00@gmail.com> wrote:
> Can I have your attention on security-related issues in gpsd?
Sure.
> To find memory security-related bugs in Project gpsd,
> There is a PR in oss-fuzz:
> https://github.com/google/oss-fuzz/pull/8493/
I see it, not sure what we can do with it.
> Can you check the harness for fuzzing in PR,
I can't build it, as I dont run Docker. So I can't run it.
I looked at the code, but don't understand it.
One thing I do note:
#include "gpsd_config.h"
#include "gpsd.h"
Clients should not be using those files. They are never installed in
the host when building gpsd. So how are you getting them?
gpsd has a 3.9MB of regression test input data. And a test framework to
handle it. Why not fuzz that data?
> And *vendor_ccs* for who to receive bug reports from oss-fuzz and fix
> them.
gpsd-dev@nongpu.org is fine.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can't measure it, you can't improve it." - Lord Kelvin
pgpGADl7wgRWq.pgp
Description: OpenPGP digital signature