[Rpm-maint] [rpm-software-management/rpm] Harden against crafted inputs (#1471)
Demi Marie Obenour
notifications at github.com
Fri Jan 15 11:48:20 UTC 2021
> All I've been asking is for you to make available the reproducers that you do have.

Ah okay. I thought you were asking me to make reproducers for all of them, which would take time I don’t really have right now. Here is an RPM (gzipped so GitHub will accept it) that reproduces the integer overflow. You will need a build of RPM compiled with UBSan (Undefined Behavior Sanitizer) to detect the bug.
[rpm-4.15.1-3.fc32.1.src.rpm.gz](https://github.com/rpm-software-management/rpm/files/5820264/rpm-4.15.1-3.fc32.1.src.rpm.gz)
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1471#issuecomment-760896015