lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 18 Jun 2018 04:57:42 +0000
From:   bugzilla-daemon@...zilla.kernel.org
To:     linux-ext4@...nel.org
Subject: [Bug 200109] BUG: KASAN: use-after-free in ext4_xattr_set_entry
 fs/ext4/xattr.c:1598

https://bugzilla.kernel.org/show_bug.cgi?id=200109

Theodore Tso (tytso@....edu) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tytso@....edu

--- Comment #2 from Theodore Tso (tytso@....edu) ---
Thanks for reporting this bug and marking it as a duplicate.   Please note that
Syzkaller is really terrible at creating an actionable bug report.   But at
least the mainline Syzkaller creates a repro.c file which a developer can run
--- instead of having to paw through a one megabyte log file which apparently
has a huge number of unrelated test programs.

Syzkaller programs are also not in as stable language, so unless you know
exactly what version of syzkaller was used to create a syzkaller repro, it's
mostly useless.   Indeed, Dmitry has essentially advised me to ignore the
syzkaller repro, since otherwise you have to check out the precise version of
syzkaller used to create the repro, and use it to run the syzkaller repro.   I
personally think that's a terrible design, but at least there is the
alternative of using the repro.c file.

I'd strongly encourage that you work on enhancing Syzkaller so it can generate
a sample image file combined with a poc.c file, the way Wen Xu's fuzzing system
works.  It results in a much more developer-friendly report that is much easier
for me to act upon --- with the result that his work has far more impact.

See:

https://bugzilla.kernel.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=RESOLVED&component=ext4&email1=wen.xu%40gatech.edu&emailreporter1=1&emailtype1=substring&known_name=Open%20Wen%27s%20problems&list_id=990219&query_based_on=Open%20Wen%27s%20problems&query_format=advanced

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ