From: Chet Ramey <chet.ramey@case.edu>
To: Ralph Corderoy <ralph@inputplus.co.uk>, tuhs@tuhs.org
Subject: [TUHS] Re: A fuzzy awk. (Was: The 'usage: ...' message.)
Date: Mon, 20 May 2024 09:10:03 -0400 [thread overview]
Message-ID: <7e23b0d6-a8be-4e51-ba5a-21432b2fa055@case.edu> (raw)
In-Reply-To: <20240520092013.21BD01FB2F@orac.inputplus.co.uk>
[-- Attachment #1.1: Type: text/plain, Size: 1487 bytes --]
On 5/20/24 5:20 AM, Ralph Corderoy wrote:
> Hi Arnold,
>
>>> in order to maximize the amount of input that could be parsed before
>>> giving up.
>>
>> Gawk used to do this, until people started fuzzing it, causing
>> cascading errors and eventually core dumps. Now the first syntax
>> error is fatal.
>
> This is the first time I've heard of making life difficult for fuzzers
> so I'm curious...
It's not making life difficult for them -- they can still fuzz all they
want. Chances are better they'll find a genuine bug if you stop right away.
> I'm assuming you agree the eventual core dump was a bug somewhere to be
> fixed, and probably was. > Stopping on the first error lessens the
> ‘attack surface’ for the fuzzer. Do you think there remains a bug which
> would bite a user which the fuzzer might have found more easily before
> the shrunken surface?
Chances are small. (People fuzz bash all the time, and that is my
experience.)
Look at it this way. Free Software maintainers have limited resources. Is
it better to spend time on bugs that will affect a larger percentage of
the user population, instead of those that require artificial circumstances
that won't be encountered by normal usage? Those get pushed down on the
priority list.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU chet@case.edu http://tiswww.cwru.edu/~chet/
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 203 bytes --]
next prev parent reply other threads:[~2024-05-20 13:11 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-19 23:08 [TUHS] The 'usage: ...' message. (Was: On Bloat...) Douglas McIlroy
2024-05-20 0:58 ` [TUHS] " Rob Pike
2024-05-20 3:19 ` arnold
2024-05-20 3:43 ` Warner Losh
2024-05-20 4:46 ` arnold
2024-05-20 9:20 ` [TUHS] A fuzzy awk. (Was: The 'usage: ...' message.) Ralph Corderoy
2024-05-20 11:58 ` [TUHS] " arnold
2024-05-20 13:10 ` Chet Ramey [this message]
2024-05-20 13:30 ` [TUHS] Re: A fuzzy awk Ralph Corderoy
2024-05-20 13:48 ` Chet Ramey
2024-05-20 3:54 ` [TUHS] Re: The 'usage: ...' message. (Was: On Bloat...) Bakul Shah via TUHS
2024-05-20 14:23 ` Clem Cole
2024-05-20 17:30 ` Greg A. Woods
2024-05-20 20:10 ` John Levine
2024-05-21 1:14 ` John Cowan
2024-05-20 17:40 ` Stuff Received
2024-05-20 13:06 [TUHS] A fuzzy awk. (Was: The 'usage: ...' message.) Douglas McIlroy
2024-05-20 13:14 ` [TUHS] " arnold
2024-05-20 14:00 ` G. Branden Robinson
2024-05-20 13:25 ` Chet Ramey
2024-05-20 16:06 ` Paul Winalski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7e23b0d6-a8be-4e51-ba5a-21432b2fa055@case.edu \
--to=chet.ramey@case.edu \
--cc=ralph@inputplus.co.uk \
--cc=tuhs@tuhs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).