On Mon, Jul 13, 2015 at 09:05:16AM -0400, Andrew wrote:
> Their paper is here:
> http://people.csail.mit.edu/fanl/papers/codephage-pldi2015.pdf
>
> A related paper on a system to automatically find the bugs to repair is
> here: http://dspace.mit.edu/openaccess-disseminate/1721.1/96155
>
Skimming through the paper, it also seems like it could replace parsers that crash on invalid input (and thus fail noisily) with lenient parsers that don't crash when handling those inputs. This may or may not lead to the creation of entirely new states (e.g. a lenient configuration parser that accepts complex, invalid syntax could lead to a runtime configuration that causes crashes later during execution) and by extension vulnerabilities.

_______________________________________________
langsec-discuss mailing list
langsec-discuss@mail.langsec.org
https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
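
The strict-versus-lenient parser concern raised in the message above, as an added illustration that is not part of the original message and not taken from the CodePhage paper. The `key = value` config format, the function names and the sample inputs are all hypothetical and constructed for this example.

```python
import re

class ConfigError(ValueError):
    """Raised by the strict parser at the input boundary."""

# Grammar assumed for this example: two known keys, positive integers only.
LINE = re.compile(r"^(workers|queue_size)\s*=\s*([1-9][0-9]{0,3})$")

def parse_strict(text):
    """Accept only lines in the grammar; fail noisily on anything else."""
    cfg = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if m is None:
            raise ConfigError(f"line {n}: not in grammar: {line!r}")
        cfg[m.group(1)] = int(m.group(2))
    return cfg

def parse_lenient(text):
    """Hypothetical 'repaired' parser: never raises, keeps whatever it can split."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            value = value.strip()
            cfg[key.strip()] = int(value) if value.isdigit() else value
    return cfg

def plan_batches(cfg):
    """Downstream code that relies on the guarantees of the strict grammar."""
    return cfg["queue_size"] // cfg["workers"]

# Constructed sample inputs.
VALID = "workers = 4\nqueue_size = 64\n"
INVALID_SYNTAX = "workers = 4 ; 8\nqueue_size = 64\n"
INVALID_VALUE = "workers = 0\nqueue_size = 64\n"

def outcome(parser, text):
    """Report where, if anywhere, processing of this input fails."""
    try:
        cfg = parser(text)
    except ConfigError:
        return "rejected at parse time"
    try:
        return plan_batches(cfg)
    except (TypeError, KeyError, ZeroDivisionError) as exc:
        return f"crashed later: {type(exc).__name__}"
```

With the lenient parser the invalid inputs are no longer rejected at the boundary; they become program states that the downstream code was never written to handle.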