☰LibTiff Mailing List Archive

2018.04.09 07:29 "[Tiff] fuzzing libtiff with google's oss-fuzz", by Paul Kehrer

2018.04.09 08:05 "Re: [Tiff] fuzzing libtiff with google's oss-fuzz", by Nicolas RUFF
- 2018.04.09 08:19 "Re: [Tiff] fuzzing libtiff with google's oss-fuzz", by Paul Kehrer
  - 2018.04.09 13:44 "Re: [Tiff] fuzzing libtiff with google's oss-fuzz", by Bob Friesenhahn
    - 2018.04.09 14:09 "Re: [Tiff] fuzzing libtiff with google's oss-fuzz", by Even Rouault
      - 2018.04.09 14:52 "Re: [Tiff] fuzzing libtiff with google's oss-fuzz", by Bob Friesenhahn
      - 2018.04.09 19:27 "Re: [Tiff] fuzzing libtiff with google's oss-fuzz", by Roger Leigh
- 2018.04.09 09:48 "Re: [Tiff] fuzzing libtiff with google's oss-fuzz", by Paavo Helde
2018.04.09 11:57 "Re: [Tiff] fuzzing libtiff with google's oss-fuzz", by Even Rouault
- 2018.04.10 01:50 "Re: [Tiff] fuzzing libtiff with google's oss-fuzz", by Paul Kehrer
  - 2018.04.10 11:50 "Re: [Tiff] fuzzing libtiff with google's oss-fuzz", by Even Rouault
2018.04.15 14:34 "Re: [Tiff] fuzzing libtiff with google's oss-fuzz", by Even Rouault
- 2018.04.16 00:36 "Re: [Tiff] fuzzing libtiff with google's oss-fuzz", by Paul Kehrer

2018.04.15 14:34 "Re: [Tiff] fuzzing libtiff with google's oss-fuzz", by Even Rouault

Paul,

one of the issue raised is a integer overflow in the tiff_read_rgba_fuzzer.cc code itself

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7540

/src/tiff_read_rgba_fuzzer.cc:36:22: runtime error: signed integer overflow: -3977127075081250816 * 4 cannot be represented in type 'long'

Would probably be good to move most of the code&scripts in a fuzzers/ subdir of the libtiff repo with minimal bootstrapping in the ossfuzz repo

Even

--
Spatialys - Geospatial professional services
http://www.spatialys.com