There's a researcher, Jiang Yuancheng, who's doing great work finding CPython crashes and memory leaks: https://github.com/python/cpython/issues?q=is%3Aissue%20author%3AYuanchengJiang
They've come up with a very clever idea for a new way of fuzzing, made a fine tool out of it, and are reaping great results.
Fuzzing can be a diminishing returns endeavor: you only have so many bugs to find. Their approach has shown itself to cover different areas and kinds of issues well, as shown by their track record.
So someone found a segfault in NumPy and reported it as a security bug: https://huntr.com/bounties/49928a2c-c6bb-4c1c-80ec-5d7bf708bf28. After some back and forth, the NumPy developers agreed it was a security bug (with a low score, but still).
However, since fusil had already found that crash and I had reported it 2 months earlier (https://github.com/numpy/numpy/issues/28829), the report was deemed a duplicate and no CVE was assigned.
We didn't find a CVE, but avoided one :)
Link to fix: https://github.com/numpy/numpy/pull/30071