Fuzzing Mesa Drivers Begin To Uncover Bugs


  • #11
    I am sure that the Linux kernel itself has been fuzzed to discover unreported bugs and possible vulnerabilities.



    • #12
      Originally posted by bug77
      I thought Nvidia was supposed to be careless about validations. Yet going by this guy's findings, there's not much difference between Nvidia and AMD. Go figure...

      In other news, great tool, it's nice to see bugs reported (and some already fixed) because of it.



      • #13
        Originally posted by tinko

        Sounds like a lot of work. Maybe we should start to use programming languages/subsets of languages/tools/techniques that allow us to have stronger safety guarantees at least for the parts of our software that parse random files from the internet.
        Right, of course, because running new tests on existing code is much more work than completely rewriting the entire code base from scratch in an entirely new language. /sarcasm.



        • #14
          Originally posted by TheBlackCat

          Right, of course, because running new tests on existing code is much more work than completely rewriting the entire code base from scratch in an entirely new language. /sarcasm.
          "start using [...] for the parts of our software that parse random files from the internet" doesn't imply "rewriting the entire codebase". It doesn't even necessarily imply that I'm asking for anything to be rewritten. I'm just saying, debugging the old stuff will be a lot of work, maybe we should learn from that experience and when we write the parser module for the next project, we don't write it in C.

          But re-implementing at least certain critical parts in existing projects is an option as well. "Fuzzing" is a very clever approach, because it allows one to cover a certain space of input data in an automated fashion, but "fuzzing" has limitations as well. There is a reason for the fact that pseudocode is a lot easier to prove correct than C code.
