mschwager
> Any news about this issue? Why not just change ... to `sock = response.raw._fp.fp.raw._sock`?

In my testing (https://github.com/docker/docker-py/issues/1507#issuecomment-765684307), `_sock` hangs when using `"stdin": 1` in Python 3.
I found a fix here: https://github.com/docker/docker-py/issues/1507#issuecomment-901300117. If you're calling any `sock._sock.send`, `sock._sock.sendall`, `sock._sock.recv`, etc., you must call `sock._sock.close` before `sock.close`. This will ensure that the underlying socket is closed correctly...
Could also change this to something like: `if self.base_url.startswith("https://") or self.base_url == "http+docker://localhost"`.
I noticed a few things. Ruby does in fact use [`sigaltstack`](https://man7.org/linux/man-pages/man2/sigaltstack.2.html). And when running with ASAN, they do recommend setting the following: https://github.com/ruby/ruby/blob/v3_3_0/doc/contributing/building_ruby.md#building-with-address-sanitizer

However, when I set those compiler flags...
Some additional interesting links:

- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101476
- https://bugs.ruby-lang.org/issues/11514#note-8
- https://news.ycombinator.com/item?id=25181648
I forgot to fill out the repro steps from the original crash. Here are the details...

`fuzz_bson.rb`:

```ruby
# frozen_string_literal: true

require 'ruzzy'
require 'bson'

test_one_input = lambda do |data|...
```
It looks like `json`, `psych`, and `date` are already fuzzed here: https://github.com/google/oss-fuzz/tree/master/projects/ruby. `zlib` could be interesting, although that extension appears to be a direct copy of the ubiquitous Zlib C...
> `nokogiri` (especially the SAX parser) is also worth fuzzing, they have a long track record of NPEs and other memory violations: https://www.cvedetails.com/vulnerability-list/vendor_id-20514/product_id-59208/Nokogiri-Nokogiri.html
>
> Edit: Fuzzed here: https://github.com/google/oss-fuzz/tree/master/projects/nokogiri

Good...
Here's a useful GH query for finding repositories with an `extconf.rb` file (indicates a Ruby C extension): https://github.com/search?q=lang%3Aruby+path%3Aextconf.rb+NOT+is%3Aarchived&type=code.
`cryptofuzz` provides similar functionality with its `Datasource` class:

- https://guidovranken.com/2019/05/14/differential-fuzzing-of-cryptographic-libraries/ (See "Input splitting")
- https://github.com/search?q=repo%3Aguidovranken%2Fcryptofuzz%20Datasource&type=code