
Error if using negative length in str() and buf() #1621

Merged (1 commit), Nov 20, 2020

Conversation

mmisono (Collaborator) commented Nov 15, 2020

This disables a negative length in str() and buf(), such as buf("aaa", -1).

Checklist
  • Language changes are updated in docs/reference_guide.md
  • User-visible and non-trivial changes updated in CHANGELOG.md
  • The new behaviour is covered by tests

@mmisono mmisono added the do-not-merge Changes are not ready to be merged into master yet label Nov 15, 2020
mmisono added a commit to mmisono/bpftrace that referenced this pull request Nov 17, 2020
LibFuzzer is a coverage-guided fuzzer developed with llvm/clang.
LibFuzzer's main target is a function, and the biggest difference
between AFL and libFuzzer is that the former re-executes the program
after each execution (actually it forks), while libFuzzer keeps
calling the target function in its main loop.

The main target of libFuzzer is a function, but with a few
changes, it can be fuzzed from the beginning of the program, like
AFL.

Because the current bpftrace is known to have memory leaks and there
might be some global state, it may not be suitable for
libFuzzer. But libFuzzer already found several bugs (bpftrace#1618, bpftrace#1621). Also,
it seems oss-fuzz expects the libFuzzer interface, so supporting it is a good thing.
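As an added example (not bpftrace's own code, nor the code of this PR), here is a libFuzzer harness of the kind the commit message describes, wrapped around a hypothetical `check_length_arg` that models the rule this PR adds to the semantic analyser: a negative length argument to str() or buf() is rejected before it can be converted to an unsigned size. The input layout, `kMaxLen`, and the function and struct names are assumptions made for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Result of checking the length argument of a call such as buf("aaa", -1).
struct CheckResult { bool ok; std::string error; };

// Upper bound on a requested length; kMaxLen is an assumption for this example.
constexpr int64_t kMaxLen = 64 * 1024;

// Hardened check (hypothetical, modelled on the rule this PR adds): the length
// must be a non-negative integer no larger than kMaxLen.
CheckResult check_length_arg(const char* func, int64_t len) {
  if (len < 0)
    return {false, std::string(func) + "() length must be non-negative, got " +
                       std::to_string(len)};
  if (len > kMaxLen)
    return {false, std::string(func) + "() length exceeds " + std::to_string(kMaxLen)};
  return {true, ""};
}

// The failure mode the check prevents: a signed length silently converted to an
// unsigned size, so -1 becomes SIZE_MAX before it reaches any allocation.
size_t unchecked_size(int64_t len) { return static_cast<size_t>(len); }

// libFuzzer entry point, called repeatedly in-process from the fuzzer's main
// loop (AFL instead forks/re-executes the program for each input). Input layout
// is constructed for this example: byte 0 selects str() or buf(), bytes 1..8 are
// a little-endian int64 length, any remaining bytes stand in for the string.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  if (size < 9) return 0;
  const char* func = (data[0] & 1) ? "buf" : "str";
  int64_t len;
  std::memcpy(&len, data + 1, sizeof len);
  CheckResult r = check_length_arg(func, len);
  // Invariant under test: an accepted length never yields an oversized size_t.
  // A violation traps so libFuzzer records the input as a crash.
  if (r.ok && unchecked_size(len) > static_cast<size_t>(kMaxLen)) __builtin_trap();
  return 0;
}

// Replays one fixed input outside the fuzzer (for unit tests and crash repros).
int replay(const std::vector<uint8_t>& in) {
  return LLVMFuzzerTestOneInput(in.data(), in.size());
}
```

Build with `clang++ -fsanitize=fuzzer,address harness.cpp`; libFuzzer supplies main() and keeps calling `LLVMFuzzerTestOneInput` in-process, as the commit message describes.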
@mmisono mmisono mentioned this pull request Nov 17, 2020
2 review threads on src/ast/semantic_analyser.cpp (outdated, resolved)
mmisono added a commit to mmisono/bpftrace that referenced this pull request Nov 18, 2020
mmisono added a commit to mmisono/bpftrace that referenced this pull request Nov 18, 2020
@mmisono mmisono force-pushed the fix_negative_length2 branch from 77db219 to cfbf9d4, November 18, 2020 10:50
@mmisono mmisono force-pushed the fix_negative_length2 branch from cfbf9d4 to 76b4cfd, November 20, 2020 18:58
@mmisono mmisono removed the do-not-merge Changes are not ready to be merged into master yet label Nov 20, 2020
@mmisono mmisono merged commit 8c0b72a into bpftrace:master Nov 20, 2020
mmisono added a commit to mmisono/bpftrace that referenced this pull request Nov 20, 2020
fbs pushed a commit that referenced this pull request Nov 23, 2020