google / oss-fuzz

OSS-Fuzz - continuous fuzzing for open source software.
https://google.github.io/oss-fuzz
Apache License 2.0

Issue 52047 is a false positive, similar to resolved issue 52037 #8716

Open garyemiller opened 2 years ago

garyemiller commented 2 years ago

Issue 52047 is a false positive, similar to resolved issue 52037.

There is nothing "undefined" about a left shift of unsigned integers!

I still can't access:

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52047
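Added example, not part of the original thread and not code from gpsd or from the report (whose contents this page does not show): C's rules for left shifts involving unsigned operands. Wrapping of a `uint32_t` is defined, while a narrow unsigned operand promoted to `int`, or a shift count at or above the operand width, is not. All function names and the sample bytes are constructed for illustration, and a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Defined: uint32_t arithmetic is modulo 2^32, so bits shifted out of the
 * top are discarded. A count >= the operand width is undefined even for
 * unsigned types (C11 6.5.7p3), so that case is handled explicitly. */
uint32_t shl_u32(uint32_t v, unsigned n)
{
    return n < 32 ? v << n : 0;
}

/* Pitfall: a uint8_t operand is promoted to signed int before the shift,
 * so p[0] << 24 with p[0] >= 0x80 overflows int, which is undefined.
 * Converting each byte to uint32_t first keeps the shift unsigned. */
uint32_t be32_load(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns 1 if v << n is defined for signed int, 0 otherwise:
 * v must be non-negative, n below the width of int, and the
 * mathematical result must fit in int (C11 6.5.7p4). */
int int_shl_is_defined(int v, unsigned n)
{
    if (v < 0 || n >= sizeof(int) * CHAR_BIT)
        return 0;
    return v <= (INT_MAX >> n);
}

/* Constructed sample bytes (not taken from any real packet). */
uint32_t demo_load(void)
{
    static const uint8_t sample[4] = { 0xFF, 0x00, 0x12, 0x34 };
    return be32_load(sample);
}

int main(void)
{
    printf("shl_u32(0x80000001, 1) = 0x%08x\n", (unsigned)shl_u32(0x80000001u, 1));
    printf("be32_load(sample)      = 0x%08x\n", (unsigned)demo_load());
    printf("(int)0x80 << 24 defined? %d\n", int_shl_is_defined(0x80, 24));
    return 0;
}
```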

DavidKorczynski commented 2 years ago

@0x34d Can you please assist here?

0x34d commented 2 years ago

The issue was created by UBSAN, UBSAN is removed https://github.com/google/oss-fuzz/pull/8668

DavidKorczynski commented 2 years ago

> The issue was created by UBSAN, UBSAN is removed #8668

Thanks, closing because of this.

garyemiller commented 2 years ago

Yo DavidKorczynski!

What does this mean: "UBSAN removed"?

Why is @.*** not Cc:ed?

On Tue, 11 Oct 2022 03:39:27 -0700 DavidKorczynski @.***> wrote:

> The issue was created by UBSAN, UBSAN is removed #8668
>
> Thanks, closing because of this.

RGDS GARY

Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 @.*** Tel:+1 541 382 8588

Veritas liberabit vos. -- Quid est veritas?
"If you can't measure it, you can't improve it." - Lord Kelvin

DavidKorczynski commented 2 years ago

Reopening because of the missing CC.

DavidKorczynski commented 2 years ago

> What does this mean: "UBSAN removed"?

@garyemiller

UBSAN removed means that undefined behavior sanitizer is no longer enabled for the project.

OSS-Fuzz builds each project with several different sanitizers:

For each project, the list of sanitizers that are used is given in the project.yaml. This is the one for gpsd: https://github.com/google/oss-fuzz/blob/master/projects/gpsd/project.yaml

To avoid false positives we disabled UBSAN by removing "undefined" from the sanitizers list in the project.yaml: https://github.com/google/oss-fuzz/pull/8668/files#diff-cbb2b24fd2c3382993d512d0c379ffdef523bce2c27c332e25b8621812620988L15 This is because it was UBSAN that reported a false positive.

So now, two different sanitizers are used for gpsd, namely ASAN and MSAN.

DavidKorczynski commented 2 years ago

@garyemiller I think the issue access is being tracked in https://github.com/google/oss-fuzz/issues/8659#issuecomment-1266423404

Notice in particular what Oliver mentions "are there any other emails associated with the Google account?" --> this is relevant because the email in the project.yaml has to be the primary email of the Google account you're using to login

garyemiller commented 2 years ago

Yo DavidKorczynski!

On Tue, 11 Oct 2022 14:04:56 -0700 DavidKorczynski @.***> wrote:

> > What does this mean: "UBSAN removed"?
>
> UBSAN removed means that undefined behavior sanitizer is no longer enabled for the project.

Well, I certainly do not want UBSAN removed!

> So now, two different sanitizers are used for gpsd, namely ASAN and MSAN.

We'll see how they work, not good so far...

Why is @.*** not Cc:ed?

RGDS GARY

DavidKorczynski commented 2 years ago

> Well, I certainly do not want UBSAN removed!

UBSAN was removed because of this comment I believe https://github.com/google/oss-fuzz/pull/8668#issuecomment-1267322330 stating gpsd's preference is no false positives. I can put it back on -- let me know if you'd like me to do this. That said, I can see from https://github.com/google/oss-fuzz/issues/8658 the original query is actually to get the ability to mark issues as false positive / wontfix. Let me follow up in this thread.

> Why is @.*** not Cc:ed?

I'm unsure as I have not been involved in this integration. It seems like the email is hidden behind stars? Could you write it out in clear text, then I'll get CCed.

garyemiller commented 2 years ago

> UBSAN was removed because of this comment I believe https://github.com/google/oss-fuzz/pull/8668#issuecomment-1267322330 stating gpsd's preference is no false positives. I can put it back on -- let me know if you'd like me to do this.

Yes, we want no false positives, but that should not require turning off 1/3 of the checks.

What I would like is the false positive fixed and the ability to mark problems as false positives. Coverity, Codacy, pycodestyle, etc. all allow me to mark individual lines in code as false positives. Why not this project?
