[TUHS] A fuzzy awk. (Was: The 'usage: ...' message.)
Chet Ramey
chet.ramey at case.edu
Mon May 20 23:10:03 AEST 2024
On 5/20/24 5:20 AM, Ralph Corderoy wrote:
> Hi Arnold,
>
>>> in order to maximize the amount of input that could be parsed before
>>> giving up.
>>
>> Gawk used to do this, until people started fuzzing it, causing
>> cascading errors and eventually core dumps. Now the first syntax
>> error is fatal.
>
> This is the first time I've heard of making life difficult for fuzzers
> so I'm curious...
It's not making life difficult for them -- they can still fuzz all they
want. Chances are better they'll find a genuine bug if you stop right away.
> I'm assuming you agree the eventual core dump was a bug somewhere to be
> fixed, and probably was. > Stopping on the first error lessens the
> ‘attack surface’ for the fuzzer. Do you think there remains a bug which
> would bite a user which the fuzzer might have found more easily before
> the shrunken surface?
Chances are small. (People fuzz bash all the time, and that is my
experience.)
Look at it this way. Free Software maintainers have limited resources. Is
it better to spend time on bugs that will affect a larger percentage of
the user population, instead of those that require artificial circumstances
that won't be encountered by normal usage? Those get pushed down on the
priority list.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU chet at case.edu http://tiswww.cwru.edu/~chet/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: OpenPGP digital signature
URL: <http://www.tuhs.org/pipermail/tuhs/attachments/20240520/c3a3e713/attachment.sig>
More information about the TUHS
mailing list