Thanks, I'll have a look. Reini
Matteo Marini <m.mar...@diag.uniroma1.it> wrote on Wed., 20 Dec. 2023, 17:29:

> Dear libredwg developers,
>
> My name is Matteo Marini and I am a Ph.D. student from the Cybersecurity research group at the Department of Engineering in Computer Science at Sapienza University of Rome, Italy.
>
> When running experiments for a project on memory safety errors, we believe we have found some bugs in libredwg involving the use of values read from uninitialized memory in program computations (e.g., when concurring to a branching condition or to a pointer dereferencing).
>
> Due to the potential security relevance of such bugs, which unfortunately we were unable to assess with certainty, we are reaching out to you privately to initiate a responsible disclosure process rather than posting them as a GitHub issue. Typically, we follow established practices in our field and wait for 90 days before reporting specific features of our findings to the public.
>
> The attached archive (password: cQv8$9k4) contains:
>
> - the executables on which we performed our tests (commit hash: 6b0eb53)
> - the input file to exercise the bugs
> - the stacktrace when the bugs were observed
> - the output of Valgrind confirming our findings
>
> The executable we used for our testing is a compiled version of the fuzzing harness you made available for OSS-Fuzz (i.e. examples/llvmfuzz.c), with a main() function that simply opens a file, reads its content and calls the LLVMFuzzerTestOneInput() function. To compile, we used clang 14 and we ran every test on an Ubuntu 22.04 x86-64 machine.
>
> We also discovered an input that causes a segmentation fault. While our focus is memory safety errors from uninitialized reads, we believe that this input may be useful to you as well; please find it in the "other/" directory inside the archive.
>
> We would be very grateful for any feedback you may give us on the bugs we are reporting.
>
> My supervisor Daniele Cono D'Elia is copied to this communication. We would both be happy to cooperate with you to provide any further knowledge in our availability for addressing the issues.
>
> Best wishes,
>
> Matteo Marini
>
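The reproduction setup the report describes (examples/llvmfuzz.c built with a main() that opens a file, reads it and hands the bytes to LLVMFuzzerTestOneInput()) is a useful thing for a maintainer to have on hand when triaging uninitialized-read and crash reports. The driver below is an added example written for this thread, not libredwg's own code. It assumes that the real harness is linked in when HAVE_REAL_HARNESS is defined; otherwise a constructed stand-in LLVMFuzzerTestOneInput() that only records the input size is compiled so the file builds alone. The clang -fsanitize=memory / -fsanitize-memory-track-origins flags and the Valgrind --track-origins=yes option mentioned in the comments are standard options of those tools; the sample file contents are constructed.

```c
/* Added example: stand-alone driver for a libFuzzer-style harness.
 * Build against the real harness, e.g.
 *   clang -g -O1 -DHAVE_REAL_HARNESS -fsanitize=memory \
 *         -fsanitize-memory-track-origins driver.c examples/llvmfuzz.c <libredwg objects>
 * or build without sanitizers and run: valgrind --track-origins=yes ./driver input.dwg */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

#ifndef HAVE_REAL_HARNESS
/* Constructed stand-in (assumption) so this file compiles on its own:
 * it does no parsing and only records how many bytes it was given. */
static size_t g_last_size_seen = 0;
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    (void)data;
    g_last_size_seen = size;
    return 0;
}
size_t last_size_seen(void) { return g_last_size_seen; }
#endif

/* Read a whole file into a heap buffer; NULL on failure, byte count in *out_size.
 * The buffer is zero-filled as it grows so the driver itself never feeds
 * uninitialized bytes into a MemorySanitizer or Valgrind run. */
uint8_t *read_whole_file(const char *path, size_t *out_size)
{
    FILE *f = fopen(path, "rb");
    if (!f) return NULL;
    size_t cap = 4096, len = 0, n;
    uint8_t *buf = calloc(cap, 1);
    if (!buf) { fclose(f); return NULL; }
    while ((n = fread(buf + len, 1, cap - len, f)) > 0) {
        len += n;
        if (len == cap) {
            uint8_t *nb = realloc(buf, cap * 2);
            if (!nb) { free(buf); fclose(f); return NULL; }
            buf = nb;
            memset(buf + cap, 0, cap);
            cap *= 2;
        }
    }
    int err = ferror(f);
    fclose(f);
    if (err) { free(buf); return NULL; }
    *out_size = len;
    return buf;
}

/* Feed one file to the harness. Returns the harness's return value,
 * or -1 if the file could not be read. The bytes are copied into an
 * exactly-sized allocation so a read past the end of the input is an
 * out-of-bounds access the sanitizer can see, not a read of spare capacity. */
int run_file_through_harness(const char *path)
{
    size_t size = 0;
    uint8_t *data = read_whole_file(path, &size);
    if (!data) { fprintf(stderr, "cannot read %s\n", path); return -1; }
    uint8_t *exact = malloc(size ? size : 1);
    if (exact) memcpy(exact, data, size);
    free(data);
    if (!exact) return -1;
    int rc = LLVMFuzzerTestOneInput(exact, size);
    free(exact);
    return rc;
}

/* Constructed sample input for trying the driver out (assumption: the
 * stand-in harness does not care what the bytes are). Returns bytes written. */
size_t write_sample_file(const char *path)
{
    static const char sample[] = "AC1032-constructed-sample";
    FILE *f = fopen(path, "wb");
    if (!f) return 0;
    size_t n = fwrite(sample, 1, sizeof sample - 1, f);
    fclose(f);
    return n;
}

int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s <input-file>...\n", argv[0]); return 2; }
    int worst = 0;
    for (int i = 1; i < argc; i++) {
        int rc = run_file_through_harness(argv[i]);
        printf("%s: harness returned %d\n", argv[i], rc);
        if (rc != 0) worst = 1;
    }
    return worst;
}
```

Running each reported input through this driver under MemorySanitizer (with origin tracking) or Valgrind reproduces the "use of uninitialised value" reports the sender refers to and, for the segfault input, gives a stack trace at the faulting access; the exactly-sized copy in run_file_through_harness() is what makes a read past the end of the input visible rather than silently absorbed.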