[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Issue 52206 in oss-fuzz: gpsd:FuzzLibgps: Use-of-uninitialized-value
|
From: |
Gary E. Miller |
|
Subject: |
Re: Issue 52206 in oss-fuzz: gpsd:FuzzLibgps: Use-of-uninitialized-value in gps_unpack |
|
Date: |
Fri, 7 Oct 2022 10:29:29 -0700 |
Yo ClusterFuzz-External!
I still get permission denied when I try to acccess
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52206
This bug is invalid. The fuzzer is calling an internal function,
gps_unpack(), that needs a NUL terminated string input, and then
complaining when the input buffer is overrun. That is like complaning
about strlen() overrunning a non NUL terminated strgin.
The fuzzer is calling an internal function, gps_unpack(), that is not
accessible from the outside. In normal operation there is a NUL check
before calling gpsd_unpack().
On Fri, 07 Oct 2022 09:17:26 -0700
ClusterFuzz-External via monorail <monorail+v2.382749006@chromium.org>
wrote:
> Status: New
> Owner: ----
> CC: gpsd-...@nongnu.org, ajsin...@gmail.com, g...@rellim.com
> Labels: Restrict-View-Commit ClusterFuzz Reproducible
> Stability-Memory-MemorySanitizer Engine-libfuzzer OS-Linux
> Security_Severity-Medium Proj-gpsd Reported-2022-10-07 Type:
> Bug-Security
>
> New issue 52206 by ClusterFuzz-External: gpsd:FuzzLibgps:
> Use-of-uninitialized-value in gps_unpack
> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52206
>
> Detailed Report: https://oss-fuzz.com/testcase?key=4622383801827328
>
> Project: gpsd
> Fuzzing Engine: libFuzzer
> Fuzz Target: FuzzLibgps
> Job Type: libfuzzer_msan_gpsd
> Platform Id: linux
>
> Crash Type: Use-of-uninitialized-value
> Crash Address:
> Crash State:
> gps_unpack
> FuzzLibgps.c
>
> Sanitizer: memory (MSAN)
>
> Recommended Security Severity: Medium
>
> Crash Revision:
> https://oss-fuzz.com/revisions?job=libfuzzer_msan_gpsd&revision=202210060604
>
> Reproducer Testcase:
> https://oss-fuzz.com/download?testcase_id=4622383801827328
>
> Issue filed automatically.
>
> See https://google.github.io/oss-fuzz/advanced-topics/reproducing for
> instructions to reproduce this bug locally. When you fix this bug,
> please
> * mention the fix revision(s).
> * state whether the bug was a short-lived regression or an old bug
> in any stable releases.
> * add any other useful information.
> This information can help downstream consumers.
>
> If you need to contact the OSS-Fuzz team with a question, concern, or
> any other feedback, please file an issue at
> https://github.com/google/oss-fuzz/issues. Comments on individual
> Monorail issues are not monitored.
>
> This bug is subject to a 90 day disclosure deadline. If 90 days elapse
> without an upstream patch, then the bug report will automatically
> become visible to the public.
>
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can't measure it, you can't improve it." - Lord Kelvin
pgpslGgiqG6VA.pgp
Description: OpenPGP digital signature