David Neto
@dneto1969
26 Aug
Ok, rewind to early 2017. My team was going to write a SPIR-V backend to DXC, lovingly called Spiregg github.com/microsoft/Dire….
Question was: how were we going to test it?
#ossfuzz
|
Kurt Schwehr
@kurtschwehr
11 May 2018
GDAL 2.3.0 released! Sadly, I didn't get to test the release candidates (newborn human in the house) @EvenRouault has been crazy productive and this... "More than 1000 fixes for issues/vulnerabilities found by OSS-Fuzz"
lists.osgeo.org/pipermail/gdal… #ossfuzz
|
Even Rouault
@EvenRouault
14 Apr 2018
|
László Szekeres
@lszekeres
15 Jul
Fuzz Driver Generation at Scale!
Check out the preprint of our @FSEconf paper at: ai.google/research/pubs/…
work w/ D. Babic, @sbucur, Y. Chen, @fivancic, T. King, M. Kusano, @cestlemieux, W. Wang.
See you at @FSEconf in August! #esecfse #google #fuzzing #ossfuzz
|
Franjo Ivancic
@fivancic
30 Aug
I am really proud of my team for receiving a best paper award at #esecfse19!
Check it out at ai.google/research/pubs/…. We synthesize drivers that find security and reliability issues using fuzzing. Many run in #ossfuzz - supported with integration rewards security.googleblog.com/2018/11/a-new-… pic.twitter.com/eQpF6rlCTz
|
Edward Hervey (bilboed@bilboed.tech on fediverse)
@bilboed
30 Oct 2017
Finally got @gstreamer integrated into #ossfuzz 🤘 and interesting bugs from 2003 code are popping up :)
|
Kurt Schwehr
@kurtschwehr
17 Dec 2017
#GDAL has so far been > 14% of the #OSSFuzz bugs. Measured by 675 commits crediting OSS Fuzz and OSS Fuzz being at about bug 4672. Credit to @EvenRouault for bug fixing!
|
Even Rouault
@EvenRouault
12 Aug
#ossfuzz is now fuzzing GDAL on i386 and has already found a few 32-bit specific (or generic but easier to spot) bugs
|
Even Rouault
@EvenRouault
6 Apr 2018
#ossfuzz creativity makes me discover features of GDAL I was unaware of. For example "ogr2ogr myoutputdatasource myinputdatasourcewithseverallayers -nln somename" will 'merge' all the input layers into a single one (for drivers that support adding fields to non empty layers)
|
catenacyber
@catenacyber
23 May
Sharing #ossfuzz bounty with @unicorn_engine... Help would now be appreciated for merging it with latest #qemu
|
Jonathan Foote
@footePGH
7 Jan 2018
|
Even Rouault
@EvenRouault
30 Mar 2018
Ironically the #ossfuzz fuzzer for ogr2ogr I wrote to find bugs in the writing part of drivers also helps finding bugs in the reading part :-)
|
Semmle
@Semmle
24 Jun
Who analyses an OSS project’s security over time? Check out these 4 open security examples that are raising the bar - #ossfuzz @github #internetbugbounty
hubs.ly/H0jt4CY0
|
Even Rouault
@EvenRouault
27 Jun 2017
I'm crediting #OSSFuzz in ticket commits for bugs it discovered in ... fuzzers I wrote for it...
|
Victor (vitaut) Zverovich
@vzverovich
30 Jun
oss-fuzz integration has been merged into {fmt}: github.com/fmtlib/fmt/pul… Thanks to @PaulDreik! #ossfuzz #fmtlib
|
Even Rouault
@EvenRouault
19 Oct
@kurtschwehr Discovering from Bas email that someone has taken care of registering a CVE at least for one of the GDAL #ossfuzz issues: nvd.nist.gov/vuln/detail/CV… . Why this one and not others is a mystery :-)
|
Even Rouault
@EvenRouault
21 May 2017
|
Even Rouault
@EvenRouault
9 Jun 2017
Crazy that this UK/Ordnance Survey NTF vector format, that no one uses anymore, generates so many #OSSFuzz bug reports.
|
N. Mavrogiannopoulos
@nmav_t
22 Apr 2017
|
David Neto
@dneto1969
26 Aug
Ok, first fix of a fuzzer bug is: github.com/google/effcee/…
When parsing the checks string, there are cases where a string intended as a regexp isn't a valid RE2 regexp.
The fix is to check those cases and fail early. Prevents a heap-buffer-overflow later on
#ossfuzz