Luka Kožnjak <[email protected]> [2019-12-28 20:30:53]:

Hi Luka,

> Fix a segmentation fault caused by using a pointer to a reallocated address.
> The name pointer in the uci_parse_option function becomes invalid if
> assert_eol calls uci_realloc down the line, resulting in a segmentation
> fault when attempting to dereference name in a strcmp check in
> uci_lookup_list. A simple fix is to call assert_eol before retrieving the
> actual address for the name and type pointers.

thanks for the fix.

> The segmentation fault has been found while fuzzing the
> uci configuration system for various types of different crashes
> and undefined behaviors, which resulted in multiple different
> import files causing instability and segmentation faults.

Can you share that uci configuration causing this crash as well? I would like to add it into the unit tests which are run[1] on GitLab CI after every push to the Git repository, so we can better protect ourselves against possible re-introduction of the issue in the future during refactoring etc.

BTW I plan to add some libFuzzer based fuzzing to UCI soon (as done recently in libubox[2] for example), so I'm wondering if you could share your fuzzing setup/sources as well in order to save some time, thanks!

1. https://gitlab.com/openwrt/project/uci/-/jobs/385184198#L1687
2. https://git.openwrt.org/436d6363a10bbb41ab92602b4eb0030992bb1785

Cheers,

Petr

_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
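The bug class the quoted patch fixes (a pointer into a growable buffer taken before a call that can reallocate it, then dereferenced after the block has moved) as a self-contained added example; this is not uci's own code, and `struct ctx`, `ensure_cap`, `parse_buggy` and `parse_fixed` are constructed stand-ins for uci's parse context, the `assert_eol`/`uci_realloc` growth path and the two orderings in `uci_parse_option`.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed stand-in for the uci parse context: a growable line buffer.
 * Offsets into it survive growth; raw pointers into it do not. */
struct ctx {
    char  *buf;
    size_t len, cap;
};

/* Stand-in for the growth reached through assert_eol -> uci_realloc. The new
 * block is allocated before the old one is freed, so the base address always
 * changes, which is the worst case a real realloc() can produce. */
static void ensure_cap(struct ctx *c, size_t need)
{
    if (c->len + need <= c->cap)
        return;
    size_t ncap = (c->len + need) * 2;
    char *n = malloc(ncap);
    if (!n)
        abort();
    memcpy(n, c->buf, c->len);
    free(c->buf);
    c->buf = n;
    c->cap = ncap;
}

/* Buggy ordering from the crash report: derive the name pointer, then call
 * something that may grow the buffer. Returns 1 when the saved pointer no
 * longer lies inside the live buffer (the address is compared as an integer
 * rather than dereferenced, which is what strcmp in uci_lookup_list did). */
static int parse_buggy(struct ctx *c, size_t name_off)
{
    uintptr_t name = (uintptr_t)(c->buf + name_off); /* into the old block */
    ensure_cap(c, 4096);                              /* buffer moves here */
    uintptr_t lo = (uintptr_t)c->buf, hi = lo + c->cap;
    return !(name >= lo && name < hi);
}

/* Fixed ordering from the patch: do the growth first, then compute the
 * pointer from the current buffer base, so it points into live memory. */
static const char *parse_fixed(struct ctx *c, size_t name_off)
{
    ensure_cap(c, 4096);
    return c->buf + name_off;
}

/* Build a context holding one constructed uci-style option line. */
static struct ctx make_ctx(const char *line)
{
    struct ctx c = { .len = strlen(line) + 1, .cap = strlen(line) + 1 };
    c.buf = malloc(c.cap);
    if (!c.buf)
        abort();
    memcpy(c.buf, line, c.len);
    return c;
}
```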
