| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Jun 2018 05:39:54 +0000
From: bugzilla-daemon@...zilla.kernel.org
To: linux-ext4@...nel.org
Subject: [Bug 200109] BUG: KASAN: use-after-free in ext4_xattr_set_entry
fs/ext4/xattr.c:1598
https://bugzilla.kernel.org/show_bug.cgi?id=200109
--- Comment #3 from icytxw (icytxw@...il.com) ---
Thanks for your advise, I also know that syzkaller's log file is not so easy to
understand.
And because the possibility of some bug being triggered is very small, it is
not so easy to
generate a .c file. In the next time, I will work on how to reproduce possible
bugs just like
Wen Xu’s fuzzing system.
Thanks again
发件人: bugzilla-daemon@...zilla.kernel.org
发送时间: 2018年6月18日 12:57
收件人: icytxw@...il.com
主题: [Bug 200109] BUG: KASAN: use-after-free in
ext4_xattr_set_entryfs/ext4/xattr.c:1598
https://bugzilla.kernel.org/show_bug.cgi?id=200109
Theodore Tso (tytso@....edu) changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |tytso@....edu
--- Comment #2 from Theodore Tso (tytso@....edu) ---
Thanks for reporting this bug and marking it as a duplicate. Please note that
Syzkaller is really terrible at creating an actionable bug report. But at
least the mainline Syzkaller creates a repro.c file which a developer can run
--- instead of having to paw through a one megabyte log file which apparently
has a huge number of unrelated test programs.
Syzkaller programs are also not in as stable language, so unless you know
exactly what version of syzkaller was used to create a syzkaller repro, it's
mostly useless. Indeed, Dmitry has essentially advised me to ignore the
syzkaller repro, since otherwise you have to check out the precise version of
syzkaller used to create the repro, and use it to run the syzkaller repro. I
personally think that's a terrible design, but at least there is the
alternative of using the repro.c file.
I'd strongly encourage that you work on enhancing Syzkaller so it can generate
a sample image file combined with a poc.c file, the way Wen Xu's fuzzing system
works. It results in a much more developer-friendly report that is much easier
for me to act upon --- with the result that his work has far more impact.
See:
https://bugzilla.kernel.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=RESOLVED&component=ext4&email1=wen.xu%40gatech.edu&emailreporter1=1&emailtype1=substring&known_name=Open%20Wen%27s%20problems&list_id=990219&query_based_on=Open%20Wen%27s%20problems&query_format=advanced
--
You are receiving this mail because:
You are watching the assignee of the bug.
Powered by blists - more mailing lists