
Re: [Bug-readline] Readline fuzz testing


From: Ben Wong
Subject: Re: [Bug-readline] Readline fuzz testing
Date: Tue, 11 Jul 2017 00:53:59 -0700

I'm not sure where to find it on the web page, but you can page
through the most recent changes using `git log -p` and find some
patches that look like they might be relevant (e.g., char
mb[MB_LEN_MAX] -> char mb[MB_LEN_MAX+1]):

    git clone https://git.savannah.gnu.org/git/readline.git
    git checkout devel
    git log -p

I can confirm that when I compile readline using the devel branch from
Savannah, it fixes some, but not all, of the bugs I found. In
particular, examples A & C seem to work, but if you try dataset B in
my examples, it still triggers a memory allocation problem (heap usage
after free).

Also, running the fuzz program as I described finds more problems. I'm
attaching as example D another input file that causes readline-devel
to go into an infinite loop. Also,


On 7/10/17, address@hidden <address@hidden> wrote:
> Hi Chet,
>
> I'm curious to see what kind of fixes were made. Can you point us to
> two or three of them by URL? I'm looking here and I've navigated
> around a bit but I can't seem to orient myself:
>
> http://git.savannah.gnu.org/cgit/readline.git/
>
> This sounds like an interesting learning opportunity...
>
> Thanks,
>
> Frederick
>
> On Mon, Jul 10, 2017 at 10:03:12AM -0400, Chet Ramey wrote:
>> On 7/9/17 2:10 AM, Ben Wong wrote:
>> > Readline is causing bash to dump core every once in a blue moon. It's
>> > extremely infrequent and hard to reproduce, so, to debug it, I'm using
>> > random input from fuzz(1). It turns out, libreadline *consistently*
>> > crashes (segmentation fault) or hangs (infinite loop using all CPU)
>> > under fuzz testing.
>>
>> These have all been fixed, and are fixed in both the readline and bash
>> devel git branches on savannah.  Thanks for taking a look.
>>
>> Eduardo Bustamante did a lot of work fuzzing readline via bash's `read -e'
>> and uncovered these and other, very old, bugs.
>>
>> Chet
>> --
>> ``The lyf so short, the craft so long to lerne.'' - Chaucer
>>               ``Ars longa, vita brevis'' - Hippocrates
>> Chet Ramey, UTech, CWRU    address@hidden
>> http://cnswww.cns.cwru.edu/~chet/
>>
>> _______________________________________________
>> Bug-readline mailing list
>> address@hidden
>> https://lists.gnu.org/mailman/listinfo/bug-readline
>>
>
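The `char mb[MB_LEN_MAX]` -> `char mb[MB_LEN_MAX+1]` change mentioned above is a classic off-by-one: a buffer sized to hold the longest multibyte sequence has no room left for the terminating NUL that later string functions expect, and fuzzed input (truncated or malformed sequences) is exactly what exposes it. The following is an added example, not readline's own code, that shows the corrected sizing together with the input validation a fuzzer would otherwise trip over. It assumes UTF-8 encoding and decodes the sequence length from the lead byte itself; readline uses the locale's multibyte functions instead, so `utf8_seq_len` and `copy_mbchar` are hypothetical names for this example only.

```c
/* Added example (not readline's code): copy one UTF-8 encoded character
   into a fixed buffer.  The destination is MB_LEN_MAX + 1 bytes so that the
   terminating NUL always fits; with MB_LEN_MAX bytes the NUL would land one
   past the end of the array. */
#include <limits.h>   /* MB_LEN_MAX */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Length of a UTF-8 sequence from its lead byte, or 0 if the byte cannot
   start a sequence (continuation byte or invalid lead).  Assumes UTF-8;
   a locale-aware implementation would use mbrtowc()/mblen() instead. */
static size_t utf8_seq_len(unsigned char lead)
{
    if (lead < 0x80)            return 1;
    if ((lead & 0xE0) == 0xC0)  return 2;
    if ((lead & 0xF0) == 0xE0)  return 3;
    if ((lead & 0xF8) == 0xF0)  return 4;
    return 0;
}

/* Copy the multibyte character starting at in[0] (of `avail` readable
   bytes) into out, which must hold MB_LEN_MAX + 1 bytes, and NUL-terminate
   it.  Returns the number of bytes copied, or 0 for a malformed or
   truncated sequence, so the caller can fall back to single-byte handling
   instead of reading past the end of its input. */
size_t copy_mbchar(const unsigned char *in, size_t avail,
                   char out[MB_LEN_MAX + 1])
{
    size_t n = avail ? utf8_seq_len(in[0]) : 0;

    /* Reject: no lead byte, sequence longer than the bytes we actually
       have (the truncated-input case), or longer than the buffer. */
    if (n == 0 || n > avail || n > MB_LEN_MAX) {
        out[0] = '\0';
        return 0;
    }
    /* Every byte after the lead must be a 10xxxxxx continuation byte. */
    for (size_t i = 1; i < n; i++) {
        if ((in[i] & 0xC0) != 0x80) {
            out[0] = '\0';
            return 0;
        }
    }
    memcpy(out, in, n);
    out[n] = '\0';   /* in bounds only because out has MB_LEN_MAX + 1 bytes */
    return n;
}

int main(void)
{
    /* Constructed sample inputs: a complete 2-byte character, a complete
       3-byte character, and a 3-byte character cut off after two bytes,
       the kind of fragment a fuzzer produces. */
    const unsigned char e_acute[]  = { 0xC3, 0xA9 };
    const unsigned char euro[]     = { 0xE2, 0x82, 0xAC };
    const unsigned char truncated[] = { 0xE2, 0x82 };
    char out[MB_LEN_MAX + 1];

    printf("e_acute:   %zu bytes\n", copy_mbchar(e_acute, sizeof e_acute, out));
    printf("euro:      %zu bytes\n", copy_mbchar(euro, sizeof euro, out));
    printf("truncated: %zu bytes (rejected)\n",
           copy_mbchar(truncated, sizeof truncated, out));
    return 0;
}
```

The check `n > avail` is the one that matters for fuzzed input: a lead byte announcing a 3-byte sequence at the very end of the buffer must not cause a read of two bytes that were never received, and the caller must be told the copy did not happen rather than receive a partially filled, NUL-terminated buffer that looks valid.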


