public inbox for linux-xfs@vger.kernel.org
 help / color / mirror / Atom feed
* Several bugs in xfs-progs when parsing invalid input
@ 2015-11-05 16:47 Hanno Böck
  2015-11-06 16:54 ` Eric Sandeen
  0 siblings, 1 reply; 2+ messages in thread
From: Hanno Böck @ 2015-11-05 16:47 UTC (permalink / raw)
  To: xfs


[-- Attachment #1.1: Type: text/plain, Size: 1176 bytes --]

Hi,

A while ago I reported a couple of bugs into your bugtracker about
issues in xfs_repair that I found through fuzzing (with the tool
american fuzzy lop).

http://oss.sgi.com/bugzilla/show_bug.cgi?id=1119
null pointer access

http://oss.sgi.com/bugzilla/show_bug.cgi?id=1120
out of bounds heap read access

http://oss.sgi.com/bugzilla/show_bug.cgi?id=1121
http://oss.sgi.com/bugzilla/show_bug.cgi?id=1122
2x assert

When opening these bugs I got an error message. I then contacted your
support and almost two months(!) later I got a reply telling me that I
should not use bugzilla, instead I should report bugs to this mailing
list.

Your webpage however clearly states that I should use bugzilla:
http://oss.sgi.com/projects/xfs/

This is all a bit ridiculous. If you don't want people to use your
bugzilla don't say so on your webpage and preferrably disable the
creation of new bugs.

Anyway: Please have a look at the bugs I reported (and once they're
fixed I'll happily re-test the code to see if there are more issues
that can be found via fuzzing).

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: BBB51E42

[-- Attachment #1.2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

[-- Attachment #2: Type: text/plain, Size: 121 bytes --]

_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: Several bugs in xfs-progs when parsing invalid input
  2015-11-05 16:47 Several bugs in xfs-progs when parsing invalid input Hanno Böck
@ 2015-11-06 16:54 ` Eric Sandeen
  0 siblings, 0 replies; 2+ messages in thread
From: Eric Sandeen @ 2015-11-06 16:54 UTC (permalink / raw)
  To: xfs

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 11/5/15 10:47 AM, Hanno Böck wrote:
> Hi,
> 
> A while ago I reported a couple of bugs into your bugtracker about
> issues in xfs_repair that I found through fuzzing (with the tool
> american fuzzy lop).
> 
> http://oss.sgi.com/bugzilla/show_bug.cgi?id=1119
> null pointer access
> 
> http://oss.sgi.com/bugzilla/show_bug.cgi?id=1120
> out of bounds heap read access
> 
> http://oss.sgi.com/bugzilla/show_bug.cgi?id=1121
> http://oss.sgi.com/bugzilla/show_bug.cgi?id=1122
> 2x assert
> 
> When opening these bugs I got an error message. I then contacted your
> support and almost two months(!) later I got a reply telling me that I
> should not use bugzilla, instead I should report bugs to this mailing
> list.
> 
> Your webpage however clearly states that I should use bugzilla:
> http://oss.sgi.com/projects/xfs/

oss.sgi.com infrastructure is not well maintained, I'm sorry about that,
but it's up to SGI to fix anything that needs fixing, I'm afraid.

Which is a pity, because a well-maintained bug tracker would be pretty
useful.

That said, reporting to the list is also probably a good idea.

> This is all a bit ridiculous. If you don't want people to use your
> bugzilla don't say so on your webpage and preferrably disable the
> creation of new bugs.
> 
> Anyway: Please have a look at the bugs I reported (and once they're
> fixed I'll happily re-test the code to see if there are more issues
> that can be found via fuzzing).

You didn't say what version of xfsprogs you tested, but there have
been a few independent fuzz-related fixes recently; you might just retest
against what's currently in the git tree, and see if we got lucky.  ;)

Thanks,
- -Eric
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJWPNsyAAoJECCuFpLhPd7gcIcP/26oNtf4LctRnyNwAQfqdp99
SCoJoCBnJLY8B8CI4ut1LkUzaCmGw3tC/sB5i+JxV9kU2U1IZ3D06mw3HMFrf2zB
/AXxTyZPejpNGmWsfn8XevaC0t2/qGqZp6cEyE7IeK7CCDfKl/ulmTg0np3uexTo
/FRTBkFJtM9TOgByvbuk0CAeW4zC9VUCBubV5KxXFgJgQIigHDZhdVPl6gFfPuov
+AZu8jNAK+zKcmlziUxZHr+xL/8T+IVGkao91pqxXYDW/p0OYC4XlOm8NCQ+Z7HQ
zuCWDyL8Y1lCwqJonkO+slFQ1YtF2K2zBmyT8HBzmqd294/9SP8pJcyZkm9JKbvC
on2AipTqrob90xHnMyyIrU9stbfa2vlFo2CDUzDwklY6M3dfViPoMrkAu+IRxjC0
aenoezYSYJ6H4blAfvWeSHwmfSUp9qtS+QR0ETPLqw+w1WARrbxjqcARw+ln4dOY
+0AgUJfc6UFmgGkulX2qQqFX8zNth9uE09TIU5q2Gy9/uY2hkK7mgQ4sVNQMVt7f
M2vooAh8vF59PrJt6fTOHeSMrTcScl1fi1N0sQgnWfDUWlh81gSCRBy3drg02JGB
nh3wcAJo4D726fyucRh7XSj+3k2CUas/Y87kDevX5A8xBBNNiT/S4ueYlg7BEPT4
5Y20B/KyIe0jQiLFLOMU
=Vuhf
-----END PGP SIGNATURE-----

_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-11-06 16:54 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-11-05 16:47 Several bugs in xfs-progs when parsing invalid input Hanno Böck
2015-11-06 16:54 ` Eric Sandeen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox