Hi,
A while ago I reported a couple of bugs into your bugtracker about
issues in xfs_repair that I found through fuzzing (with the tool
american fuzzy lop).
http://oss.sgi.com/bugzilla/show_bug.cgi?id=1119
null pointer access
http://oss.sgi.com/bugzilla/show_bug.cgi?id=1120
out of bounds heap read access
http://oss.sgi.com/bugzilla/show_bug.cgi?id=1121
http://oss.sgi.com/bugzilla/show_bug.cgi?id=1122
2x assert
When opening these bugs I got an error message. I then contacted your
support and almost two months(!) later I got a reply telling me that I
should not use bugzilla, instead I should report bugs to this mailing
list.
Your webpage however clearly states that I should use bugzilla:
http://oss.sgi.com/projects/xfs/
This is all a bit ridiculous. If you don't want people to use your
bugzilla don't say so on your webpage and preferrably disable the
creation of new bugs.
Anyway: Please have a look at the bugs I reported (and once they're
fixed I'll happily re-test the code to see if there are more issues
that can be found via fuzzing).
--
Hanno BÃck
http://hboeck.de/
mail/jabber: hanno@xxxxxxxxx
GPG: BBB51E42
pgpvkYh5grjNK.pgp
Description: OpenPGP digital signature
|