[Toybox] [PATCH] readelf: harden against invalid input.
enh
enh at google.com
Tue Nov 17 16:29:10 PST 2020
On Thu, Nov 12, 2020 at 4:03 PM enh <enh at google.com> wrote:
>
> I also promised to fix readelf. Where in file(1) I made no attempt to
> say what was bad (or even to change `goto bad` to explicitly say that
> *anything* was bad), I believe that readelf is much more likely to be
> shown invalid ELF files, and that it would be useful to have some clue
> as to what's wrong. Relatedly, this patch removes all existing
> error_exit() calls in case it's being used on multiple files.
>
> Again, this survived ~24hrs of AFL++ trying to blow its house down.
actually, because i forgot to kill AFL++ and just lost the window in
my stack, this has now survived nearly a week of continuous fuzzing
:-)
> Test: ~/AFLplusplus/afl-fuzz -i tests/files/elf -o fuzz-out -- ./readelf -a @@
> ---
> toys/pending/readelf.c | 203 ++++++++++++++++++++++++-----------------
> 1 file changed, 119 insertions(+), 84 deletions(-)
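
Added example, not part of the original message and not toybox's readelf code: one way to implement the approach the quoted message describes, where each invalid input yields a reason string and processing moves on to the next input instead of exiting. The names elf64_check and check_all and the constructed 64-byte sample headers are assumptions; only the little-endian ELF64 header and section header table bounds are checked.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read an n-byte (n <= 8) little-endian integer from p. */
static uint64_t le(const unsigned char *p, int n)
{
  uint64_t v = 0;
  while (n--) v = (v << 8) | p[n];
  return v;
}

/* Hypothetical helper: NULL if the ELF64 little-endian header and its
 * section header table fit in the len-byte buffer, else the reason. */
const char *elf64_check(const unsigned char *buf, size_t len)
{
  uint64_t shoff, shentsize, shnum;
  if (len < 64) return "file too short for ELF64 header";
  if (memcmp(buf, "\177ELF", 4)) return "bad magic";
  if (buf[4] != 2 || buf[5] != 1) return "not ELF64 little-endian";
  shoff = le(buf + 0x28, 8);     /* e_shoff */
  shentsize = le(buf + 0x3a, 2); /* e_shentsize */
  shnum = le(buf + 0x3c, 2);     /* e_shnum */
  if (shnum && shentsize != 64) return "bad e_shentsize";
  /* Compare by subtraction so a huge e_shoff cannot wrap a sum. */
  if (shoff > len || shnum * shentsize > len - shoff)
    return "section headers past end of file";
  return NULL;
}

/* Report every bad input and keep going; returns the number of bad inputs. */
int check_all(const unsigned char **bufs, const size_t *lens, int n)
{
  int i, bad = 0;
  for (i = 0; i < n; i++) {
    const char *why = elf64_check(bufs[i], lens[i]);
    if (why) { fprintf(stderr, "input %d: %s\n", i, why); bad++; }
  }
  return bad;
}

int main(void)
{
  /* Constructed samples: a minimal valid header, and one with e_shoff = ~0. */
  unsigned char ok[64] = "\177ELF\2\1", bad[64] = "\177ELF\2\1";
  const unsigned char *bufs[] = { ok, bad };
  size_t lens[] = { sizeof ok, sizeof bad };
  memset(bad + 0x28, 0xff, 8); bad[0x3a] = 64; bad[0x3c] = 1;
  return check_all(bufs, lens, 2) != 1;
}
```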