On 5/4/22 17:16, Aaron Conole wrote: > Ilya Maximets <[email protected]> writes: > >> nx_to_ofp_flow_update_event() aborts the execution if incorrect >> event is passed, so checking has to be done before conversion >> in order to avoid the crash while decoding malformed flow update >> message: >> >> ==397030==ERROR: AddressSanitizer: ABRT on unknown address 0x... ) >> 0 0x7fd26688418b in raise >> 1 0x7fd266863858 in abort >> 2 0x6a6cbd in nx_to_ofp_flow_update_event lib/ofp-monitor.c:399:9 >> 3 0x6a6cbd in ofputil_decode_flow_update lib/ofp-monitor.c:856:25 >> 4 0x56491d in ofp_print_flow_monitor_reply lib/ofp-print.c:779:22 >> 5 0x55f0a0 in ofp_to_string__ lib/ofp-print.c:1154:16 >> 6 0x55f0a0 in ofp_to_string lib/ofp-print.c:1244:21 >> 7 0x5603a5 in ofp_print lib/ofp-print.c:1288:28 >> >> Credit to OSS-Fuzz. >> >> Additionally removed the extra 'reply' word from the error message, >> since ofpraw_get_name(raw) already has one. >> >> Fixes: c3e64047d1cc ("ofp-monitor: Support flow monitoring for OpenFlow 1.3, >> 1.4+.") >> Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47112 >> Signed-off-by: Ilya Maximets <[email protected]> >> --- > > Good catch - as a side note, it would be really cool to get some > OSS-Fuzz runs as a robot for periodic testing.
It should be possible. ClusterFuzz is open and can be set up by anyone. There also seems to be a ClusterFuzzLite for easier integration into CI systems, but it uses containers pre-built by google. > Right now, I don't think > anyone but you / Ben has access to these issues as they pop up. For > example, I can't check the oss-fuzz issue "Permissions Denied." Yeah. A few people has access, because issues are treated as possible security issues by default. They are getting publicly accessible after the issue is fixed or after ~90 days, IIRC. > Acked-by: Aaron Conole <[email protected]> Thanks! Applied. Best regards, Ilya Maximets. _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
