Author Archives: ago

gentoo tinderbox

If you are visiting this page, it is very likely that the software you maintain has been analyzed by my tinderbox system. What is a tinderbox? It is a machine that compiles 24/7 that aims to find build failures, test …

Posted in arch testing, gentoo | Leave a comment

re2c: heap overflow in Scanner::fill (scanner.cc)

Description: re2c is a tool for generating C-based recognizers from regular expressions. There is a heap overflow reproducible with a crafted file. ~ $ re2c -o /tmp/out $FILE ================================================================= ==43995==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x629000004212 at pc 0x00000049937f bp 0x7ffc0521bc00 …

Posted in advisories, security | Leave a comment

Why I stopped fuzzing research

If you followed me in the past, you may have noticed that I stopped fuzzing research. During this time many people have asked me why… so instead of repeating the same answer every time, why not write a few lines about …

Posted in advisories, gentoo, security | 4 Comments

Install Gentoo in less than one minute

I’m pretty sure that the title of this post will catch your attention… and/or maybe your curiosity. Well, this is something I have been doing for years, and since it did not cost too much to put it into a public and usable state, I decided …

Posted in gentoo | 7 Comments

binutils: invalid memory read in find_abstract_instance_name (dwarf2.c)

Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue: # nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE ==23816==ERROR: AddressSanitizer: SEGV on unknown address 0x4700004008d0 (pc 0x0000005427b6 bp …

Posted in advisories, security | 1 Comment

binutils: NULL pointer dereference in concat_filename (dwarf2.c) (INCOMPLETE FIX FOR CVE-2017-15023)

Description: binutils is a set of tools necessary to build programs. The commit fix for this issue says: The PR22200 fuzzer testcase found one way to put NULLs into .debug_line file tables. PR22205 finds another. So MITRE considers this an …

Posted in advisories, security | Leave a comment

binutils: heap-based buffer overflow in parse_die (dwarf1.c)

Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue: # nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE ==26890==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6130000006d3 at pc 0x000000472115 bp …

Posted in advisories, security | 1 Comment

binutils: NULL pointer dereference in bfd_hash_hash (hash.c)

Description: binutils is a set of tools necessary to build programs. The stack trace of this issue appears to be a NULL pointer access. However, the upstream maintainer changed the summary of the bug report to “DW_AT_name with out of bounds reference”. …

Posted in advisories, security | 1 Comment

binutils: NULL pointer dereference in concat_filename (dwarf2.c)

Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue: # nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE ==3765==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000006a7376 bp …

Posted in advisories, security | Leave a comment

binutils: heap-based buffer overflow in bfd_get_debug_link_info_1 (opncls.c)

Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue: # nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE ==11994==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000029e at pc 0x7f800af7095d bp …

Posted in advisories, security | Leave a comment
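The binutils and re2c entries above all follow the same pattern: run the tool, built with AddressSanitizer, against a fuzzer-produced file and read the report header (error class, faulting address, pc, access type, first stack frame). When a fuzzing run leaves hundreds of such files behind, the first job is to parse those headers and bucket the crashes by root cause rather than by input file, which is what separates "one heap overflow in parse_die" from "one heap overflow per input". The script below is an added example of that triage step; it is not code from this blog, from binutils or from re2c. The two sample reports embedded in it are constructed for the example and modeled on the headers quoted above: the pids and header addresses mirror the excerpts, but the frame paths, line numbers and callers are placeholders, not real binutils source locations.

```python
#!/usr/bin/env python3
"""Bucket AddressSanitizer reports by root cause (added example, not blog/binutils code).

Feed it the stderr of a sanitized target such as `nm ... $FILE`; it extracts the
header fields and the first stack trace, maps SEGV-on-page-zero to "NULL pointer
dereference" (the label used in the advisory titles above), and builds a dedup key
from error class + innermost non-sanitizer frame + source file.
"""
import re
from typing import Dict, List, Optional, Tuple

# "==26890==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6130000006d3 at pc 0x000000472115 bp ..."
# "==3765==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000006a7376 bp ..."
HEADER_RE = re.compile(
    r"^==(?P<pid>\d+)==ERROR: AddressSanitizer: (?P<kind>[\w-]+)"
    r"(?: on (?:unknown )?address (?P<addr>0x[0-9a-fA-F]+))?"
    r"(?:.*?\bpc (?P<pc>0x[0-9a-fA-F]+))?",
    re.MULTILINE,
)
# "READ of size 1 at 0x... thread T0"  or  "The signal is caused by a READ memory access."
ACCESS_RE = re.compile(r"\b(?P<access>READ|WRITE) (?:of size (?P<size>\d+)|memory access)")
# "    #0 0x472114 in parse_die /build/bfd/dwarf1.c:287:5"
FRAME_RE = re.compile(r"^\s*#(?P<n>\d+) 0x[0-9a-fA-F]+ in (?P<func>\S+) (?P<loc>\S+)", re.MULTILINE)


def parse_asan_report(text: str) -> Optional[Dict]:
    """Return the header fields and the faulting stack, or None if this is not an ASan report."""
    m = HEADER_RE.search(text)
    if m is None:
        return None  # clean exit, plain abort, or truncated output: not triageable here
    access = ACCESS_RE.search(text, m.end())
    frames: List[Tuple[str, str]] = []
    for f in FRAME_RE.finditer(text, m.end()):
        if int(f.group("n")) == 0 and frames:
            break  # a second trace (allocation/free site) starts; keep only the faulting one
        frames.append((f.group("func"), f.group("loc")))
    return {
        "pid": int(m.group("pid")),
        "kind": m.group("kind"),
        "address": int(m.group("addr"), 16) if m.group("addr") else None,
        "pc": int(m.group("pc"), 16) if m.group("pc") else None,
        "access": access.group("access") if access else None,
        "size": int(access.group("size")) if access and access.group("size") else None,
        "frames": frames,
    }


def classify(report: Dict) -> str:
    """Map the raw ASan error kind to the label an advisory title would use."""
    if report["kind"] != "SEGV":
        return report["kind"]  # heap-buffer-overflow, use-after-free, ... already say what happened
    addr = report["address"]
    if addr is not None and addr < 0x1000:  # page zero: NULL (or NULL + small offset) dereference
        return "NULL pointer dereference"
    return "invalid memory " + (report["access"] or "access").lower()  # e.g. "invalid memory read"


def crash_bucket(report: Dict) -> str:
    """Dedup key: error class + innermost frame that is not a sanitizer interceptor + file."""
    for func, loc in report["frames"]:
        if not func.startswith(("__asan", "__interceptor", "__sanitizer")):
            src = loc.rsplit("/", 1)[-1].split(":")[0]  # "/build/bfd/dwarf1.c:287:5" -> "dwarf1.c"
            return f"{classify(report)}:{func}:{src}"
    return classify(report) + ":<no symbols>"


def triage(reports: List[str]) -> Dict[str, List[int]]:
    """Group raw report texts into bucket -> list of pids (use input file names in a real run)."""
    buckets: Dict[str, List[int]] = {}
    for text in reports:
        r = parse_asan_report(text)
        if r is not None:
            buckets.setdefault(crash_bucket(r), []).append(r["pid"])
    return buckets


# Constructed sample reports modeled on the excerpts above; frame paths, line
# numbers and callers are placeholders, not real binutils source locations.
SAMPLE_HEAP = """\
=================================================================
==26890==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6130000006d3 at pc 0x000000472115 bp 0x7ffd5b6e3a10 sp 0x7ffd5b6e3a08
READ of size 1 at 0x6130000006d3 thread T0
    #0 0x472114 in parse_die /build/bfd/dwarf1.c:287:5
    #1 0x4733c8 in _bfd_dwarf1_find_nearest_line /build/bfd/dwarf1.c:521:11
    #2 0x42b1f0 in main /build/binutils/nm.c:1701:7
0x6130000006d3 is located 3 bytes to the right of 336-byte region [0x613000000580,0x6130000006d0)
allocated by thread T0 here:
    #0 0x4c3fd0 in malloc /build/compiler-rt/lib/asan/asan_malloc_linux.cc:88
    #1 0x4a1e22 in bfd_malloc /build/bfd/libbfd.c:193:9
"""
SAMPLE_SEGV = """\
==3765==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000006a7376 bp 0x7ffc3a0c0e70 sp 0x7ffc3a0c0e40 T0)
==3765==The signal is caused by a READ memory access.
    #0 0x6a7375 in concat_filename /build/bfd/dwarf2.c:1601:9
    #1 0x6b02a1 in decode_line_info /build/bfd/dwarf2.c:2210:22
"""

if __name__ == "__main__":
    # Three crashing inputs, two of them the same bug: the bucket count says so.
    for key, pids in triage([SAMPLE_HEAP, SAMPLE_SEGV, SAMPLE_HEAP]).items():
        print(f"{len(pids):3d}  {key}")
```

In a real run you would substitute, for `SAMPLE_*`, the captured stderr of one `nm ... $FILE` invocation per crash file (for example with `ASAN_OPTIONS=abort_on_error=1` so the process stops at the first report), and keep the input file name instead of the pid as the bucket member. Bucketing on the innermost non-sanitizer frame is deliberately coarse: two different overflows in the same function land in the same bucket, which is the trade-off you want when the goal is to pick one representative per bucket for the bug report.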