Hi John,

today I looked a little bit at the hash function. I think the problem is that, compared to the referenced code, the x parameter is of type int instead of unsigned int. Googling around, the overflow behavior of signed and the shift right of signed is not defined in the C standard, although "many?" implementations assume a two's complement signed implementation. Both are well defined for unsigned int operations. I changed the parameter type from int to unsigned int and I cannot see a problem in the regression. But looking at the code I wondered if this hash function also works on 64-bit architectures. The reference only talks about uint32_t.

Regards

Friedrich

> On 03.07.2017 at 20:50, John Darrington <john@darrington.wattle.id.au> wrote:
>
> I suspect this report is mistaken. But this bit is Ben's code, so I'll let him comment on
> that.
>
> J'
>
> On Mon, Jul 03, 2017 at 07:22:57AM +0200, Friedrich Beckmann wrote:
> Dear owl337 team,
>
> thanks for looking at pspp and finding the security problems
>
> https://security-tracker.debian.org/tracker/CVE-2017-10791
>
> and
>
> https://security-tracker.debian.org/tracker/CVE-2017-10792
>
> in pspp! Your reports are quite detailed. Could you describe how you found the problems, i.e. do
> you have some information about collAFL?
>
> Regards
>
> Friedrich
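The point raised above (signed overflow is undefined, right-shifting a negative value is implementation-defined, and a 32-bit reference hash should not silently change width on a 64-bit build) is easiest to see in code. The block below is an added example written for this thread; it is not PSPP's hash function and not code from any of the messages. It uses Bob Jenkins' public one-at-a-time hash as a stand-in for "the referenced code", and the function names `oaat_mix`, `oaat_final`, `hash_bytes_u32`, `hash_string_u32` and `hash_is_width_stable` are my own. Every arithmetic step runs on `uint32_t`, so wrap-around and shifts are well defined and the digest is the same on 32- and 64-bit targets; the last function shows the masking a wider working type would need to reproduce the 32-bit reference exactly.

```c
/* Added example (not PSPP's code): a byte hash written entirely on
 * uint32_t so that every wrap-around and shift is well defined and the
 * result is identical on 32- and 64-bit builds.  Algorithm: Bob Jenkins'
 * one-at-a-time hash, chosen because it is public and easy to check. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* C11: refuse to build rather than hash at a different width. */
_Static_assert(sizeof(uint32_t) == 4, "uint32_t must be exactly 32 bits");

/* Mixing step on an UNSIGNED 32-bit value.  Had this been written with
 * `int h`, `h + (h << 10)` could overflow (undefined behaviour) and
 * `h >> 6` on a negative h would be implementation-defined (arithmetic
 * vs. logical shift).  On uint32_t both operations are fully defined. */
static uint32_t oaat_mix(uint32_t h, unsigned char byte)
{
    h += byte;
    h += h << 10;   /* wraps modulo 2^32: defined for unsigned */
    h ^= h >> 6;    /* logical shift: defined for unsigned */
    return h;
}

static uint32_t oaat_final(uint32_t h)
{
    h += h << 3;
    h ^= h >> 11;
    h += h << 15;
    return h;
}

/* Hash an arbitrary byte string.  Bytes >= 0x80 are handled like any
 * other because the working value never becomes negative. */
uint32_t hash_bytes_u32(const void *data, size_t n)
{
    const unsigned char *p = data;
    uint32_t h = 0;
    for (size_t i = 0; i < n; i++)
        h = oaat_mix(h, p[i]);
    return oaat_final(h);
}

/* Convenience wrapper for NUL-terminated strings. */
uint32_t hash_string_u32(const char *s)
{
    return hash_bytes_u32(s, strlen(s));
}

/* Returns 1 if carrying the state in `unsigned long` (64 bits on LP64,
 * 32 bits elsewhere) and masking back to 32 bits after every additive
 * step reproduces the uint32_t digest.  This is the discipline a wider
 * type needs to match a 32-bit reference; without the masks the two
 * would diverge on a 64-bit build as soon as an addition wraps. */
int hash_is_width_stable(const char *s)
{
    const unsigned long M = 0xffffffffUL;
    unsigned long h = 0;           /* deliberately not a fixed-width type */
    for (const char *p = s; *p; p++) {
        h = (h + (unsigned char)*p) & M;
        h = (h + (h << 10)) & M;
        h ^= h >> 6;               /* h already < 2^32, no mask needed */
    }
    h = (h + (h << 3)) & M;
    h ^= h >> 11;
    h = (h + (h << 15)) & M;
    return h == hash_string_u32(s);
}

int main(void)
{
    /* Constructed inputs; "a" is a published test vector for this hash. */
    printf("%08x\n", hash_string_u32("a"));
    printf("width-stable: %d\n", hash_is_width_stable("pspp"));
    return 0;
}
```

The complementary check on the original signed version is to build it with `-fsanitize=undefined` (gcc and clang) and run the regression suite: the sanitizer reports the signed additions that wrap at run time, which is exactly the class of defect the type change to unsigned removes.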