[tor-bugs] #33140 [Core Tor]: Clusterfuzz environment flags reused for dependencies
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 3 16:13:10 UTC 2020
#33140: Clusterfuzz environment flags reused for dependencies
-----------------------------------+------------------------
Reporter: cypherpunks | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor | Version:
Severity: Normal | Resolution:
Keywords: clusterfuzz, oss-fuzz | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------------+------------------------
Comment (by nickm):
> This sounds wrong. If we're fuzzing tor then why are we also
> instrumenting dependencies for clusterfuzz? It looks like the dependencies
> should override these flags when built to avoid conflicts.
I'm no fuzzing expert, but here is my understanding:
I think we want to instrument everything, so that we can find it when code
outside of Tor is caused by Tor to leak memory, invoke undefined behavior,
or whatever.
Even though openssl is fuzzed itself, that's no guarantee that Tor is
using openssl correctly: we might be invoking an openssl function with a
too-short buffer, or using it with an uninitialized object. If we did,
then the fuzzers might not find that unless the openssl code that we're
using is also implemented.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33140#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online