I'm not sure where to find it on the web page, but you can page
through the most recent changes using `git log -p` and find some
patches that look like they might be relevant (e.g., char
mb[MB_LEN_MAX] -> char mb[MB_LEN_MAX+1]):

    git clone https://git.savannah.gnu.org/git/readline.git
    cd readline
    git checkout devel
    git log -p

I can confirm that when I compile readline using the devel branch from
Savannah, it fixes some, but not all, of the bugs I found. In
particular, examples A & C seem to work, but if you try dataset B in
my examples, it still triggers a memory allocation problem (heap usage
after free).
Also, running the fuzz program as I described finds more problems. I'm
attaching as example D another input file that causes readline-devel
to go into an infinite loop. Also,
On 7/10/17, [email protected] <[email protected]> wrote:
> Hi Chet,
>
> I'm curious to see what kind of fixes were made. Can you point us to
> two or three of them by URL? I'm looking here and I've navigated
> around a bit but I can't seem to orient myself:
>
> http://git.savannah.gnu.org/cgit/readline.git/
>
> This sounds like an interesting learning opportunity...
>
> Thanks,
>
> Frederick
>
> On Mon, Jul 10, 2017 at 10:03:12AM -0400, Chet Ramey wrote:
>> On 7/9/17 2:10 AM, Ben Wong wrote:
>> > Readline is causing bash to dump core every once in a blue moon. It's
>> > extremely infrequent and hard to reproduce, so, to debug it, I'm using
>> > random input from fuzz(1). It turns out, libreadline *consistently*
>> > crashes (segmentation fault) or hangs (infinite loop using all CPU)
>> > under fuzz testing.
>>
>> These have all been fixed, and are fixed in both the readline and bash
>> devel git branches on savannah. Thanks for taking a look.
>>
>> Eduardo Bustamante did a lot of work fuzzing readline via bash's
>> `read -e' and uncovered these and other, very old, bugs.
>>
>> Chet
>> --
>> ``The lyf so short, the craft so long to lerne.'' - Chaucer
>> ``Ars longa, vita brevis'' - Hippocrates
>> Chet Ramey, UTech, CWRU [email protected]
>> http://cnswww.cns.cwru.edu/~chet/
>>
>> _______________________________________________
>> Bug-readline mailing list
>> [email protected]
>> https://lists.gnu.org/mailman/listinfo/bug-readline
>>
>