aboutsummaryrefslogtreecommitdiff
path: root/toys/posix/iconv.c
diff options
context:
space:
mode:
authorElliott Hughes <enh@google.com>2020-11-12 13:51:22 -0800
committerRob Landley <rob@landley.net>2020-11-12 18:36:37 -0600
commit0c567294d476ae6cab863e774844cd94e51b88e2 (patch)
tree660297ee772a79333955873f25d2e71ca4120eee /toys/posix/iconv.c
parent693eaf6c22a8a64645af6732731d6ef2a0432838 (diff)
downloadtoybox-0c567294d476ae6cab863e774844cd94e51b88e2.tar.gz
file: harden against invalid input.
I promised months ago I'd fix this, and there was a (not visible to the public but filed by a member of the public) bug filed against Android in the meantime, but judged No Security Impact because "toybox is not a security boundary". Anyway, it seemed high time I learned about fuzzing command-line tools with AFL++, so here we are. With these patches (and starting from the ELF files in test/files/elf), toybox file survived ~24hours against AFL++. Amusingly it corrupted the ELF files hard enough that it also managed to find a bug in the code for MS-DOS executables, which is the motivation for the final hunk in this patch. Bug: http://b/159065007 Test: ~/AFLplusplus/afl-fuzz -i tests/files/elf -o fuzz-out -- ./file @@
Diffstat (limited to 'toys/posix/iconv.c')
0 files changed, 0 insertions, 0 deletions