Ralph Corderoy <ralph(a)inputplus.co.uk> wrote:
> This is the first time I've heard of making life difficult for fuzzers
> so I'm curious...
I was making life easier for me. :-)
> I'm assuming you agree the eventual core dump was a bug somewhere to be
> fixed, and probably was.
Not really. Hugely syntactically invalid programs can end up causing
memory corruption as necessary data structures don't get built correctly
(or at all); since they're invalid, subsequent bits of gawk that expect
valid data structures end up not working. These are "bugs" that can't
happen when using the tool correctly.
> Stopping on the first error lessens the 'attack surface' for the
> fuzzer. Do you think there remains a bug which would bite a user which
> the fuzzer might have found more easily before the shrunken surface?
No.
I don't have any examples handy, but you can look back through the
bug-gawk archives for some examples of these reports. The number
of true bugs that fuzzers have caught (if any!) could be counted
on one hand.
Sometimes they like to claim that the "bugs" they find could cause
denial of service attacks. That's also specious; gawk isn't used for
long-running server kinds of programs.
The joys of being a Free Software Maintainer.
Arnold
P.S. I don't claim that gawk is bug-free. But I do think that there
are qualitatively different kinds of bugs, and bug reports.