oss-sec mailing list archives
Re: How serious is undefined behavior?
From: Alexander Cherepanov <ch3root () openwall com>
Date: Thu, 09 Jul 2015 17:37:55 +0300
On 2015-07-06 19:17, Hanno Böck wrote:
> Would people think it's a wise idea to put a lot of effort into testing applications with ubsan enabled and reporting all the bugs that pop up?
I think the situation is the same as with other bugs -- it depends on the project. I would report them if the application in question is in good shape. Otherwise I would start with crashes.
My experience in fuzzing binutils[1] and elfutils[2] with ubsan was quite positive. It was easy to integrate it into my workflow and all reported issues were promptly fixed by the maintainers.
[1] reports with ubsan start at
https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c196
https://sourceware.org/bugzilla/show_bug.cgi?id=17531#c82
[2] reports with ubsan start at
https://bugzilla.redhat.com/show_bug.cgi?id=1170810#c29

--
Alexander Cherepanov