2018.04.09 07:29 "[Tiff] fuzzing libtiff with google's oss-fuzz", by Paul Kehrer
- 2018.04.09 08:05 "Re: [Tiff] fuzzing libtiff with google's oss-fuzz", by Nicolas RUFF
- 2018.04.09 11:57 "Re: [Tiff] fuzzing libtiff with google's oss-fuzz", by Even Rouault
- 2018.04.15 14:34 "Re: [Tiff] fuzzing libtiff with google's oss-fuzz", by Even Rouault
2018.04.16 00:36 "Re: [Tiff] fuzzing libtiff with google's oss-fuzz", by Paul Kehrer
Thanks for the reminder! I've submitted the PR to gitlab to move the build script and fuzzer. Once that merges we can merge a change on the oss-fuzz side and it'll all be in the libtiff source tree!
-Paul
On April 15, 2018 at 10:36:03 PM, Even Rouault (even.rouault@spatialys.com) wrote:
one of the issue raised is a integer overflow in the tiff_read_rgba_fuzzer.cc code itself
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7540
/src/tiff_read_rgba_fuzzer.cc:36:22: runtime error: signed integer overflow: -3977127075081250816 * 4 cannot be represented in type 'long'
Would probably be good to move most of the code&scripts in a fuzzers/ subdir of the libtiff repo with minimal bootstrapping in the ossfuzz repo