On Tue, May 12, 2020 at 8:25 PM Navid Emamdoost <navid.emamdoost@xxxxxxxxx> wrote: > I found this via static analysis and as a result, did had the inputs > to test it with (like the way fuzzing works). Fuzzing is dynamic analysis, so I'm not sure how that fits. > It may be beneficial if you could point me to any testing > infrastructure that you use or are aware of for future cases. syzbot (a real fuzzer -- I believe it uses fake USB devices [1]) caught the error, apparently: https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next.git/commit/?id=ced21a4c726bdc60b1680c050a284b08803bc64c so you might look at using that too. Traditionally, "testing your patches" means having hardware that runs the driver in question when patching said driver. That likely won't scale for researchers, but then, perhaps it just means you need to be more clear on how you caught the issue and how you did (or didn't) test it, so it's easier to reconcile your claims with the testing done by real users. If you only did static analysis, then we can be more confident in reverting. The fuzz-tested revert is an even nicer bonus. Brian [1] https://github.com/google/syzkaller/blob/master/docs/syzbot.md#usb-bugs https://github.com/google/syzkaller/blob/master/docs/linux/external_fuzzing_usb.md
