On Tue, 2021-10-05 at 09:00 -0600, Jeff Law wrote:
>
>
> On 10/4/2021 10:52 AM, Luís Ferreira wrote:
> > On Thu, 2021-09-23 at 09:50 -0600, Jeff Law wrote:
> > >
> > > On 9/23/2021 4:16 AM, ibuclaw--- via Gcc-patches wrote:
> > > > > On 22/09/2021 03:10 Luís Ferreira <cont...@lsferreira.net> wrote:
> > > > >
> > > > >
> > > > > Currently a stack/heap overflow may happen if a crafted mangle is
> > > > > maliciously used to cause denial of service, such as intentional
> > > > > crashes by accessing a reserved memory space.
> > > > >
> > > > Hi,
> > > >
> > > > Thanks for this. Is there a test that could trigger this code path?
> > > I don't think Luis has commit privs, so I went ahead and committed
> > > this patch.
> > >
> > > Yea, a testcase would be great.
> > >
> > > Jeff
> > >
> > Does the test suite run against address sanitization? If yes, I can
> > submit a patch to make this fail, otherwise it is hard to trigger a
> > consistent crash for this issue.
> Unfortunately, no it doesn't run with sanitization. If it's too painful
> to create a test, don't worry about it. It happens from time to time.
>
> jeff

I would like to add address sanitization if I knew how GCC autotools work but I think this is a better fit when I invest some time implementing something to OSS fuzz and build some infrastructure for fuzzing parts of the GCC.

--
Sincerely,
Luís Ferreira @ lsferreira.net