Comment by tzs
2 months ago
So if I find a null pointer dereference issue in something written in a language I don’t know, I shouldn’t report it because I can’t include a fix?
2 months ago
So if I find a null pointer dereference issue in something written in a language I don’t know, I shouldn’t report it because I can’t include a fix?
If you don't know the language, why are you reporting null pointers?
Because the program crashed and the crash dump showed a null pointer dereference, and I found some inputs that reproduce it 100%, so I thought this might be useful to the developer?
In the context of libxml it does sound that for every hypothetical person like you that there's going to be 20 "security researchers" like the ones the article is mentioning; just running automated tools and trying to use security issues as a way to promote themselves.
If getting rid of your input gets rid of the other 20 issues, I would take it.