Some fuzzer workarounds
Evgeny Vereshchagin
evvers@ya.ru
Sat Mar 19 11:08:30 GMT 2022
Hi
> If they weren't actually tested I think it would make sense to revert them to avoid getting auto-generated CVEs
> until they're in more or less good shape at least.
I've just opened https://github.com/google/oss-fuzz/pull/7401 to weed out some false positives.
Given that they are "security" issues and bash scripts generating CVEs rely on that label I hope they will be closed
as "invalid" or "wonfix". The issues found by fuzz-elf-get-sections (which was renamed to fuzz-libelf apparently) were
closed as "Verified" though so I'm not sure how it works exactly.
Thanks,
Evgeny Vereshchagin
More information about the Elfutils-devel
mailing list