> On 2/13/20 9:19 PM, Johannes Berg wrote:
>> FWIW, I applied most of your patches, though some I squashed since you
>> just introduced the bugs in a previous non-applied patch ... :)
> ;)
>> Regarding the fuzzing ... how long did you run this?
> The first bugs were found nearly instantly, the last ones after several
> minutes (<= 20).

I adjusted this to afl-clang-fast (afl++, not the original) and it's not
finding much easily...

I guess making it realloc each element into a separate buffer so that
it's checking out-of-bounds for each element separately will help
somewhat, let's see...

johannes
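As an added illustration of the per-element isolation idea in the message above (this is not code from the thread or from any of the patches), a small C fuzz harness that copies each element into its own exact-size heap buffer before handing it to the parser, so that a read past the end of one element hits ASan immediately instead of silently landing in the next element. The id/len/data element layout, `parse_element()` and the input size are assumptions.

```c
/* Added example: per-element heap isolation for an AFL/ASan harness.
 * Build e.g. with afl-clang-fast -fsanitize=address; the element layout
 * (1-byte id, 1-byte length, data) is an assumption for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical parser under test; stands in for the real element parser. */
static int parse_element(const uint8_t *elem, size_t len)
{
    if (len < 2 || elem[1] != len - 2)
        return -1;
    return elem[1] ? elem[2] : 0;   /* touches only bytes inside the element */
}

/* Walks a TLV list and parses each element from a separately malloc'd buffer
 * of exactly the element's size, so there is no slack to hide an OOB read.
 * Returns the number of elements processed, or -1 on a truncated element. */
int fuzz_elements_isolated(const uint8_t *buf, size_t len)
{
    size_t pos = 0;
    int count = 0;
    while (pos + 2 <= len) {
        size_t elen = 2 + buf[pos + 1];
        if (pos + elen > len)
            return -1;                  /* length claims more than we have */
        uint8_t *copy = malloc(elen);   /* exact size: ASan redzone right after */
        if (!copy)
            return -1;
        memcpy(copy, buf + pos, elen);
        (void)parse_element(copy, elen);
        free(copy);
        pos += elen;
        count++;
    }
    return count;
}

/* Constructed sample inputs: two well-formed elements, and a list whose
 * second element claims 5 data bytes while only 1 follows. */
const uint8_t sample_good[] = {0x01, 0x02, 0xaa, 0xbb, 0x02, 0x01, 0xcc};
const uint8_t sample_trunc[] = {0x01, 0x00, 0x02, 0x05, 0xcc};

int main(void)
{
    static uint8_t in[4096];            /* AFL feeds the test case on stdin */
    size_t n = fread(in, 1, sizeof in, stdin);
    return fuzz_elements_isolated(in, n) < 0 ? 1 : 0;
}
```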