phylum-dev / cli

Command line interface for the Phylum API
https://phylum.io
GNU General Public License v3.0

Fix panic in SPDX parser #1368

Closed cd-work closed 4 months ago

cd-work commented 4 months ago

Closes #1364.

cd-work commented 4 months ago

Converted to draft for now because I fixed one more crash and found at least another one.

cd-work commented 4 months ago

Ran libfuzz for a while and only found the SPDX issue.

Ran afl (which usually performs better) and almost immediately found both the SPDX and the C# issue. Ran it for a couple hours (over 10 million execs) and found no more crashes.
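The fuzzing runs described in this comment catch the classic parser failure: a tag-value reader that indexes or unwraps on untrusted input and panics on the first truncated or malformed line. The following is an added illustration, not code from phylum-dev/cli and not the parser this PR fixes: a constructed SPDX-style tag-value parser in the panic-prone shape, beside a version that returns a `Result` instead, plus a deterministic truncation/deletion loop that stands in for a fuzzer and counts how many variants panic. The tag names handled, the `SEED` document and the error enum are all constructed for the example.

```rust
// Added example (not phylum-dev/cli code): panic-prone vs panic-free
// SPDX-style tag-value parsing, checked with a fuzzer-like mutation loop.

#[derive(Debug, PartialEq)]
pub struct Package {
    pub name: String,
    pub version: Option<String>,
}

#[derive(Debug, PartialEq)]
pub enum ParseError {
    MissingColon(usize),       // line number of a line without "Tag: value"
    EmptyValue(usize),         // line number of a tag with nothing after ':'
    VersionBeforeName(usize),  // PackageVersion seen before any PackageName
}

/// Constructed sample input in SPDX tag-value form (not a real SBOM).
pub const SEED: &str = "SPDXVersion: SPDX-2.3\n\
PackageName: left-pad\nPackageVersion: 1.3.0\n\
PackageName: lodash\nPackageVersion: 4.17.21\n";

/// The pattern fuzzers find almost immediately: index and unwrap on
/// untrusted input. Any line without ':' or a PackageVersion before a
/// PackageName aborts the whole program with a panic.
pub fn parse_naive(input: &str) -> Vec<Package> {
    let mut packages = Vec::new();
    for line in input.lines() {
        let parts: Vec<&str> = line.splitn(2, ':').collect();
        let (tag, value) = (parts[0].trim(), parts[1].trim()); // parts[1] panics when ':' is absent
        match tag {
            "PackageName" => packages.push(Package { name: value.to_string(), version: None }),
            // unwrap panics if no package has been started yet
            "PackageVersion" => packages.last_mut().unwrap().version = Some(value.to_string()),
            _ => {}
        }
    }
    packages
}

/// Hardened form: every malformed line becomes a ParseError, so a hostile
/// or corrupted SBOM file can be rejected but can never crash the caller.
pub fn parse_spdx(input: &str) -> Result<Vec<Package>, ParseError> {
    let mut packages = Vec::new();
    let mut current: Option<Package> = None;
    for (idx, raw) in input.lines().enumerate() {
        let line_no = idx + 1;
        let line = raw.trim();
        if line.is_empty() || line.starts_with('#') {
            continue;
        }
        // split_once never panics; a missing ':' is reported, not unwrapped.
        let (tag, value) = line.split_once(':').ok_or(ParseError::MissingColon(line_no))?;
        let (tag, value) = (tag.trim(), value.trim());
        if value.is_empty() {
            return Err(ParseError::EmptyValue(line_no));
        }
        match tag {
            "PackageName" => {
                if let Some(p) = current.take() {
                    packages.push(p);
                }
                current = Some(Package { name: value.to_string(), version: None });
            }
            "PackageVersion" => match current.as_mut() {
                Some(p) => p.version = Some(value.to_string()),
                None => return Err(ParseError::VersionBeforeName(line_no)),
            },
            _ => {} // tags this example does not model are skipped, not rejected
        }
    }
    if let Some(p) = current {
        packages.push(p);
    }
    Ok(packages)
}

/// Deterministic stand-in for a fuzzer: every prefix of `seed` and every
/// single-character deletion is fed to `parse`; returns how many variants panicked.
pub fn count_panics<F: Fn(&str)>(seed: &str, parse: F) -> usize {
    let mut variants: Vec<String> = Vec::new();
    for (i, _) in seed.char_indices() {
        variants.push(seed[..i].to_string()); // truncation at a char boundary
    }
    for (i, c) in seed.char_indices() {
        let mut s = String::with_capacity(seed.len());
        s.push_str(&seed[..i]);
        s.push_str(&seed[i + c.len_utf8()..]); // drop one character
        variants.push(s);
    }
    variants
        .iter()
        .filter(|v| std::panic::catch_unwind(std::panic::AssertUnwindSafe(|| parse(v.as_str()))).is_err())
        .count()
}

fn main() {
    // Silence the default panic message so the summary stays readable.
    std::panic::set_hook(Box::new(|_| {}));
    let naive = count_panics(SEED, |s| { parse_naive(s); });
    let hardened = count_panics(SEED, |s| { let _ = parse_spdx(s); });
    println!("naive parser panicked on {naive} variants, hardened parser on {hardened}");
}
```

The mutation loop is far weaker than libFuzzer or AFL (no coverage feedback, no byte-level mutations), but it shows the property the real fuzzers were checking here: the hardened parser reports malformed input through its error type and panics on none of the variants, while the naive one panics on the first truncated line.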

cd-work commented 4 months ago

but it appears the test input file from https://github.com/phylum-dev/cli/issues/1364 is still not valid SPDX (which is expected?):

Yes.