* Several bugs in xfs-progs when parsing invalid input
@ 2015-11-05 16:47 Hanno Böck
2015-11-06 16:54 ` Eric Sandeen
0 siblings, 1 reply; 2+ messages in thread
From: Hanno Böck @ 2015-11-05 16:47 UTC (permalink / raw)
To: xfs
[-- Attachment #1.1: Type: text/plain, Size: 1176 bytes --]
Hi,
A while ago I reported a couple of bugs into your bugtracker about
issues in xfs_repair that I found through fuzzing (with the tool
american fuzzy lop).
http://oss.sgi.com/bugzilla/show_bug.cgi?id=1119
null pointer access
http://oss.sgi.com/bugzilla/show_bug.cgi?id=1120
out of bounds heap read access
http://oss.sgi.com/bugzilla/show_bug.cgi?id=1121
http://oss.sgi.com/bugzilla/show_bug.cgi?id=1122
2x assert
When opening these bugs I got an error message. I then contacted your
support and almost two months(!) later I got a reply telling me that I
should not use bugzilla, instead I should report bugs to this mailing
list.
Your webpage however clearly states that I should use bugzilla:
http://oss.sgi.com/projects/xfs/
This is all a bit ridiculous. If you don't want people to use your
bugzilla don't say so on your webpage and preferrably disable the
creation of new bugs.
Anyway: Please have a look at the bugs I reported (and once they're
fixed I'll happily re-test the code to see if there are more issues
that can be found via fuzzing).
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno@hboeck.de
GPG: BBB51E42
[-- Attachment #1.2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
[-- Attachment #2: Type: text/plain, Size: 121 bytes --]
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Several bugs in xfs-progs when parsing invalid input
2015-11-05 16:47 Several bugs in xfs-progs when parsing invalid input Hanno Böck
@ 2015-11-06 16:54 ` Eric Sandeen
0 siblings, 0 replies; 2+ messages in thread
From: Eric Sandeen @ 2015-11-06 16:54 UTC (permalink / raw)
To: xfs
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/5/15 10:47 AM, Hanno Böck wrote:
> Hi,
>
> A while ago I reported a couple of bugs into your bugtracker about
> issues in xfs_repair that I found through fuzzing (with the tool
> american fuzzy lop).
>
> http://oss.sgi.com/bugzilla/show_bug.cgi?id=1119
> null pointer access
>
> http://oss.sgi.com/bugzilla/show_bug.cgi?id=1120
> out of bounds heap read access
>
> http://oss.sgi.com/bugzilla/show_bug.cgi?id=1121
> http://oss.sgi.com/bugzilla/show_bug.cgi?id=1122
> 2x assert
>
> When opening these bugs I got an error message. I then contacted your
> support and almost two months(!) later I got a reply telling me that I
> should not use bugzilla, instead I should report bugs to this mailing
> list.
>
> Your webpage however clearly states that I should use bugzilla:
> http://oss.sgi.com/projects/xfs/
oss.sgi.com infrastructure is not well maintained, I'm sorry about that,
but it's up to SGI to fix anything that needs fixing, I'm afraid.
Which is a pity, because a well-maintained bug tracker would be pretty
useful.
That said, reporting to the list is also probably a good idea.
> This is all a bit ridiculous. If you don't want people to use your
> bugzilla don't say so on your webpage and preferrably disable the
> creation of new bugs.
>
> Anyway: Please have a look at the bugs I reported (and once they're
> fixed I'll happily re-test the code to see if there are more issues
> that can be found via fuzzing).
You didn't say what version of xfsprogs you tested, but there have
been a few independent fuzz-related fixes recently; you might just retest
against what's currently in the git tree, and see if we got lucky. ;)
Thanks,
- -Eric
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJWPNsyAAoJECCuFpLhPd7gcIcP/26oNtf4LctRnyNwAQfqdp99
SCoJoCBnJLY8B8CI4ut1LkUzaCmGw3tC/sB5i+JxV9kU2U1IZ3D06mw3HMFrf2zB
/AXxTyZPejpNGmWsfn8XevaC0t2/qGqZp6cEyE7IeK7CCDfKl/ulmTg0np3uexTo
/FRTBkFJtM9TOgByvbuk0CAeW4zC9VUCBubV5KxXFgJgQIigHDZhdVPl6gFfPuov
+AZu8jNAK+zKcmlziUxZHr+xL/8T+IVGkao91pqxXYDW/p0OYC4XlOm8NCQ+Z7HQ
zuCWDyL8Y1lCwqJonkO+slFQ1YtF2K2zBmyT8HBzmqd294/9SP8pJcyZkm9JKbvC
on2AipTqrob90xHnMyyIrU9stbfa2vlFo2CDUzDwklY6M3dfViPoMrkAu+IRxjC0
aenoezYSYJ6H4blAfvWeSHwmfSUp9qtS+QR0ETPLqw+w1WARrbxjqcARw+ln4dOY
+0AgUJfc6UFmgGkulX2qQqFX8zNth9uE09TIU5q2Gy9/uY2hkK7mgQ4sVNQMVt7f
M2vooAh8vF59PrJt6fTOHeSMrTcScl1fi1N0sQgnWfDUWlh81gSCRBy3drg02JGB
nh3wcAJo4D726fyucRh7XSj+3k2CUas/Y87kDevX5A8xBBNNiT/S4ueYlg7BEPT4
5Y20B/KyIe0jQiLFLOMU
=Vuhf
-----END PGP SIGNATURE-----
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-11-06 16:54 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-11-05 16:47 Several bugs in xfs-progs when parsing invalid input Hanno Böck
2015-11-06 16:54 ` Eric Sandeen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox