radareorg / sdb

Simple and fast string based key-value database with support for arrays and json
https://www.radare.org/
MIT License

Fix several bugs found with AFL #132

Closed EliaGeretto closed 7 years ago

EliaGeretto commented 7 years ago

The project was fuzzed using AFL with ASAN. We used the - command line argument so that the sdb interpreter would read from stdin. For every commit, the test suite was also run in order to check for regressions. If needed, we can also provide the crashing test cases that motivate the changes.

(The commits are duplicated due to a git merge, sorry for that)

radare commented 7 years ago

Can you rebase instead of merge? Merges always fuck up history. I would suggest to do that on a different PR/branch to prevent tragedies.

Thanks! I'll review those changes later today

On 21 Apr 2017, at 12:06, Elia Geretto notifications@github.com wrote:


Pull request: https://github.com/radare/sdb/pull/132

Commit Summary

- Fix out-of-bounds write in stdin_slurp
- Fix incorrect buffer dimension calculation in sdb_json_set
- Harden rangstr_int and rangstr_find against empty Rangstr
- Fix out-of-bounds write in sdb_json_set
- Fix JSON key deletion
- Fix out-of-bounds read in sdb_json_set
- Fix out-of-bounds write in sdb_querys
- Fix segmentation fault in sdb_querys
- Prevent the use of uninitialized memory in json_find
- Prevent NULL-pointer dereference handling non-existent key in sdb_querys
- Avoid free on a pointer to the stack in sdb_querys
- Avoid possible malloc with integer-overflown size
- Fix use-after-free in sdb_querys
- Fix negative-index access to array in sdb_json_set
- Calculate properly allocation size in sdb_json_indent
- Fix out-of-bounds write in sdb_array_sort_num
- Fix NULL-pointer dereference in sdb_querys
- Always update len after an allocation of buf in sdb_querys
- Fix array access with negative index in json_find
- Fix regression introduced in 35d9c85
- Merge branch 'bugfix' of github.com:EliaGeretto/sdb into bugfix

File Changes

- M src/array.c (31)
- M src/json.c (51)
- M src/json/indent.c (59)
- M src/json/path.c (37)
- M src/json/rangstr.c (14)
- M src/main.c (24)
- M src/query.c (63)

Patch Links:

- https://github.com/radare/sdb/pull/132.patch
- https://github.com/radare/sdb/pull/132.diff
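The commit summary above names the bug classes this fuzzing run turned up in the path that reads the whole input from stdin: an out-of-bounds write in stdin_slurp, a malloc with an integer-overflown size, and a length that was not updated after a buffer was reallocated. The following is an added example, not sdb's code and not part of this thread, showing the fragile pattern beside a reader that avoids all three. slurp_fixed_unchecked, next_capacity, slurp_stream, roundtrip_ok and SLURP_INITIAL are hypothetical names; the sample input is constructed inside the block.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Added example with hypothetical names; not sdb's stdin_slurp. */
#define SLURP_INITIAL 64

/* The fragile shape AFL finds quickly: a fixed caller buffer and a counter
   never compared with cap, so input longer than cap - 1 bytes writes past
   the end (ASAN reports a buffer-overflow). Kept for contrast only. */
size_t slurp_fixed_unchecked(FILE *f, char *buf, size_t cap) {
    size_t len = 0;
    int c;
    (void)cap;                                  /* the bug: cap is ignored */
    while ((c = fgetc(f)) != EOF) buf[len++] = (char)c;
    buf[len] = '\0';
    return len;
}

/* Next capacity for geometric growth; 0 means doubling would overflow
   size_t, so the caller must fail rather than realloc with a wrapped size. */
size_t next_capacity(size_t cap) {
    if (cap == 0) return SLURP_INITIAL;
    if (cap > SIZE_MAX / 2) return 0;
    return cap * 2;
}

/* Read a whole stream into a heap buffer: NUL-terminated, caller frees,
   byte count in *out_len (kept separately because input may contain NULs).
   NULL on allocation failure or read error. */
char *slurp_stream(FILE *f, size_t *out_len) {
    char *buf = NULL;
    size_t cap = 0, len = 0;
    for (;;) {
        if (len + 1 >= cap) {                   /* keep room for the terminator */
            size_t ncap = next_capacity(cap);
            char *nbuf = ncap ? realloc(buf, ncap) : NULL;
            if (!nbuf) {
                free(buf);
                return NULL;
            }
            buf = nbuf;
            cap = ncap;                         /* pointer and capacity change together */
        }
        size_t n = fread(buf + len, 1, cap - len - 1, f);
        len += n;
        if (n == 0) {
            if (ferror(f)) {
                free(buf);
                return NULL;
            }
            break;                              /* EOF */
        }
    }
    buf[len] = '\0';
    if (out_len) *out_len = len;
    return buf;
}

/* Self-check: push n constructed bytes (a pattern that includes NULs) through
   tmpfile() and slurp_stream(); returns 1 when length, contents and the
   terminator all come back intact. */
int roundtrip_ok(size_t n) {
    unsigned char *expect = malloc(n ? n : 1);
    FILE *f = tmpfile();
    int ok = 0;
    if (expect && f) {
        for (size_t i = 0; i < n; i++) expect[i] = (unsigned char)(i % 251);
        if (n == 0 || fwrite(expect, 1, n, f) == n) {
            size_t len = 0;
            rewind(f);
            char *got = slurp_stream(f, &len);
            ok = got && len == n && memcmp(got, expect, n) == 0 && got[len] == '\0';
            free(got);
        }
    }
    if (f) fclose(f);
    free(expect);
    return ok;
}

/* Stand-alone use mirrors the fuzzing setup: slurp everything from stdin. */
int main(void) {
    size_t len = 0;
    char *data = slurp_stream(stdin, &len);
    if (!data) {
        fputs("read failed\n", stderr);
        return 1;
    }
    printf("read %zu bytes\n", len);
    free(data);
    return 0;
}
```

Built with -fsanitize=address and fed an input longer than its buffer, slurp_fixed_unchecked is the kind of function that produces the crash reports behind this PR; slurp_stream grows its buffer with an explicit overflow check on the new size, updates the capacity in the same place it replaces the pointer, and reserves the terminator byte before every read, so the same inputs are read back intact.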

EliaGeretto commented 7 years ago

I will close this pull request and open a new one on the rebased branch, then I will start correcting what you pointed out.