Several bugs in xfs-progs when parsing invalid input
Hanno Böck
hanno at hboeck.de
Thu Nov 5 10:47:32 CST 2015
Hi,
A while ago I reported a couple of bugs into your bugtracker about
issues in xfs_repair that I found through fuzzing (with the tool
american fuzzy lop).

http://oss.sgi.com/bugzilla/show_bug.cgi?id=1119
null pointer access

http://oss.sgi.com/bugzilla/show_bug.cgi?id=1120
out of bounds heap read access

http://oss.sgi.com/bugzilla/show_bug.cgi?id=1121
http://oss.sgi.com/bugzilla/show_bug.cgi?id=1122
2x assert

When opening these bugs I got an error message. I then contacted your
support and almost two months(!) later I got a reply telling me that I
should not use bugzilla, instead I should report bugs to this mailing
list.
Your webpage however clearly states that I should use bugzilla:
http://oss.sgi.com/projects/xfs/
This is all a bit ridiculous. If you don't want people to use your
bugzilla don't say so on your webpage and preferably disable the
creation of new bugs.
Anyway: Please have a look at the bugs I reported (and once they're
fixed I'll happily re-test the code to see if there are more issues
that can be found via fuzzing).
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: BBB51E42