
Re: [Gnash-dev] Has gnash been fuzzed?


From: Sandro Santilli
Subject: Re: [Gnash-dev] Has gnash been fuzzed?
Date: Fri, 20 Nov 2015 09:50:02 +0100
User-agent: Mutt/1.5.21 (2010-09-15)

On Thu, Nov 19, 2015 at 07:32:15PM +0100, Jacek Wielemborek wrote:

> Classification: EXPLOITABLE
>    Short description: PossibleStackCorruption (7/22)

> gnash::SWFMovieDefinition::read_all_swf(): Assertion `startPos <=
> _swf_end_pos' failed.
> Aborted (core dumped)

No stack corruption is possible, the assert is there to avoid it.
A more robust parser would throw an exception there rather
than abort, but I don't intend to fix any such code unless it
comes with an automated test guarding for it to not break anymore.

Are you willing to provide such a new testsuite branch for
those cases? It looks to me that all you need is that base64
string, and an automated tester could run afl-fuzz-parallel for
each of the offending strings. Does it make sense? Ideally a crash
would be reported against the exact string producing it.

--strk;
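As an added example (not gnash's code, and not from either poster), this simplified C++ tag walker shows the change Sandro describes: the bounds condition the assert enforces becomes a thrown ParserException, and a checkSample() helper turns each crash sample into a pass/fail regression check. It assumes a bare tag stream (no SWF file header) and leaves base64 decoding of the sample to the caller; ParserException, readAllTags and checkSample are names chosen here.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>

// Thrown on malformed input instead of calling assert()/abort(): a bad file
// is an input error, not a programmer error, so the caller can recover.
struct ParserException : std::runtime_error {
    using std::runtime_error::runtime_error;
};

// Walk SWF-style tag records. RECORDHEADER is a 16-bit little-endian value:
// upper 10 bits tag code, lower 6 bits length; a length of 0x3f means a
// 32-bit little-endian long length follows. Every cursor advance is checked
// against the buffer end, so no length field can move the read position
// past the data (the "startPos <= _swf_end_pos" condition in the report).
std::size_t readAllTags(const std::vector<std::uint8_t>& swf) {
    const std::size_t end = swf.size();
    std::size_t pos = 0, count = 0;
    while (pos < end) {
        if (end - pos < 2)
            throw ParserException("truncated tag header at " + std::to_string(pos));
        std::uint32_t len = swf[pos] & 0x3f;  // low 6 bits of the LE header
        pos += 2;
        if (len == 0x3f) {
            if (end - pos < 4)
                throw ParserException("truncated long length at " + std::to_string(pos));
            len = swf[pos] | (swf[pos + 1] << 8) | (swf[pos + 2] << 16)
                | (static_cast<std::uint32_t>(swf[pos + 3]) << 24);
            pos += 4;
        }
        if (len > end - pos)  // tag body would run past the end of the buffer
            throw ParserException("tag length " + std::to_string(len)
                                  + " exceeds remaining " + std::to_string(end - pos));
        pos += len;
        ++count;
    }
    return count;
}

// One regression check per crash sample: the parser must either finish or
// report a ParserException; an abort or any other exception is a parser bug.
std::string checkSample(const std::vector<std::uint8_t>& sample) {
    try {
        return "parsed " + std::to_string(readAllTags(sample)) + " tags";
    } catch (const ParserException& e) {
        return std::string("rejected: ") + e.what();
    }
}
```

Each crash string from the fuzzer, once decoded to bytes, becomes one call to checkSample(), so a regression run reports the exact sample that triggers a non-ParserException failure.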


