Multiple bugs from fuzzing #7
Comments
|
Added details, including sample files which cause crashes, in my fuzzing repo. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I've been fuzzing sasquatch (in particular the fork by @gcanalesb, which fixes a number of bugs I found in this release) and ran into a number of crashes which persisted. There appear to be a few checks missing where values are passed to malloc() without validation, and at least one case that causes out-of-bounds access.
I've got 68 crashes, though I haven't run through them all to check what's a duplicate and what's not. From what I can tell, there are at least 4 crash sites (mostly in fragment table parsing), but I've honestly not done a lot of manual checking.
I've attached an archive with valgrind and strace output from each crash, each prepended with the filename which caused the crash. Unfortunately I can't upload the full archive of sample files here, as it ends up being a 150MB archive. I'll find an alternative upload location and post it as a comment shortly.
analysis.zip
The text was updated successfully, but these errors were encountered: