Oliver Chang
Here are some existing curl examples in OSV (based off OSS-Fuzz automation): https://github.com/google/oss-fuzz-vulns/blob/main/vulns/curl/OSV-2022-450.yaml, https://github.com/google/oss-fuzz-vulns/blob/main/vulns/curl/OSV-2022-141.yaml
> Using a GitHub URL would work to disambiguate this curl from any others, but there's a technicality: the curl releases are almost-but-not-quite what's tagged in git, so doing so...
> Noting here that we're running into the same problem for projects like CPython, there is no ecosystem value for OSV that matches PURL's "generic" ecosystem. Would something like the...
Gentle ping on this issue!
/gcbrun request_pr_exp.py -n test-244
We can potentially detect instances of this (and potentially more general issues) by checking if the ASan-reported free stack has LLVMFuzzerTestOneInput at the top, which indicates the freeing happened in...
/gcbrun exp -n oc -f
/gcbrun exp -n oc
> @oliverchang hey! Thank you ++ ... we are slowly but surely accumulating the warts of every versioning scheme ever produced! There are way too many schemes out there :)...
> @oliverchang > > > in case this helps, our implementation for NuGet in OSV is here: https://github.com/google/osv/blob/master/lib/osv/nuget.py. It uses a bit of regex and an existing SemVer implementation. >...