[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Security] gpsd integration in oss-fuzz infrastructure

From: Gary E. Miller
Subject: Re: [Security] gpsd integration in oss-fuzz infrastructure
Date: Sun, 18 Sep 2022 10:37:38 -0700

Yo Arjun!

On Sun, 18 Sep 2022 17:43:37 +0530
Arjun singh <> wrote:

> Can I have your attention on security-related issues in gpsd?


> To find memory security-related bugs in Project gpsd,
> There is a PR in oss-fuzz:

I see it, not sure what we can do with it.

> Can you check the harness for fuzzing in PR,

I can't build it, as I dont run Docker.  So I can't run it.

I looked at the code, but don't understand it.

One thing I do note:

#include "gpsd_config.h"
#include "gpsd.h"

Clients should not be using those files.  They are never installed in
the host when building gpsd.  So how are you getting them?

gpsd has a 3.9MB of regression test input data.  And a test framework to
handle it.  Why not fuzz that data?

> And *vendor_ccs* for who to receive bug reports from oss-fuzz and fix
> them. is fine.

Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703  Tel:+1 541 382 8588

            Veritas liberabit vos. -- Quid est veritas?
    "If you can't measure it, you can't improve it." - Lord Kelvin

Attachment: pgpGADl7wgRWq.pgp
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]