MemLock_Benchmark

This Benchmark collect some vulnerabilities related to "excessive memory consumption", which are used in MemLock's experiment.

To trigger these vulnerabilities, the testcase should consume lost of stack memory or heap memory, which can test the ability of fuzzer for generating inputs that consume lost of memory.

The Seeds and POCs are in the folder

If you Cannot reproduce the bug, try to reduce the memory limit. For example:

ulimit -a to see the information of memory limit.
sudo ulimit -s 8192 or sudo ulimit -s 4096 to reduce the stack size.
sudo ulimit -m 36700160 to reduce the memory size.

The detail information of the benchmark can be seen as follow.

1. cxxfilt 2.31

Bug type: stack-overflow
CVE ID:
Download:
- https://ftp.gnu.org/gnu/binutils/
Reproduce: c++filt -t < @@

2. nm 2.31

Bug type: stack-overflow
CVE ID:
Download:
- https://ftp.gnu.org/gnu/binutils/
Reproduce: nm -C @@

4. mjs 1.20.1

Bug type: stack-overflow
CVE ID:
- issue#58
- issue#106

Download:

git clone https://github.com/cesanta/mjs
git checkout 2827bd00b59bdc176a010b22fc4acde9b580d6c2

install:clang mjs.c -DMJS_MAIN -fsanitize=address -g -o mjs.out -ldl
Reproduce: mjs.out @@
ASAN dumps the backtrace:

10. jasper 2.0.14

Bug type: uncontrolled-memory-allocation, memory leak
CVE ID:
- CVE-2016-8886
- issue#207
- the meory leak is very easy to find in CVE website, lots of memory leak

Download:

git clone https://github.com/mdadams/jasper
git checkout 1a36ca39da535af2e67848f5f43ffd657746e632

Reproduce: jasper --input @@ --output test.bmp --output-format bmp

14. readelf 2.28

Bug type: uncontrolled-memory-allocation
CVE ID:
- CVE-2017-15996
Download:
- https://ftp.gnu.org/gnu/binutils/
Reproduce: readelf -a @@

16. openjpeg 2.3.0

Bug type: uncontrolled-memory-allocation
CVE ID:
- CVE-2019-6988
- CVE-2017-12982

Download:

 git clone https://github.com/uclouvain/openjpeg
 git checkout 51f097e6d5754ddae93e716276fe8176b44ec548

Reproduce: opj_decompress -i @@ -o ./tmp.png

17. podofo 0.9.5

Bug type: uncontrolled-memory-allocation
CVE ID:
Download:
- https://sourceforge.net/projects/podofo/files/podofo/0.9.5/
Reproduce: podofoimgextract @@ ./out

About

[ICSE2020] MemLock DataSet

fuzzing

Languages

Language:C 38.9%Language:Makefile 16.2%Language:D 14.8%Language:Assembly 13.5%Language:C++ 7.4%Language:Objective-C 3.5%Language:Scheme 1.3%Language:Roff 0.8%Language:Shell 0.7%Language:M4 0.4%Language:R 0.3%Language:Scala 0.3%Language:Yacc 0.3%Language:Lex 0.3%Language:Python 0.3%Language:TeX 0.2%Language:JavaScript 0.1%Language:Perl 0.1%Language:HTML 0.1%Language:CMake 0.1%Language:Ada 0.1%Language:Java 0.1%Language:Pascal 0.0%Language:Raku 0.0%Language:DIGITAL Command Language 0.0%Language:C# 0.0%Language:GAP 0.0%Language:GDScript 0.0%Language:CWeb 0.0%Language:XS 0.0%Language:Batchfile 0.0%Language:DTrace 0.0%Language:PicoLisp 0.0%Language:PHP 0.0%Language:SWIG 0.0%Language:Tcl 0.0%Language:MATLAB 0.0%Language:Common Lisp 0.0%Language:xBase 0.0%Language:Emacs Lisp 0.0%Language:NSIS 0.0%Language:CSS 0.0%Language:sed 0.0%Language:Ruby 0.0%Language:AGS Script 0.0%Language:XSLT 0.0%Language:Rebol 0.0%Language:E 0.0%Language:Slash 0.0%Language:Terra 0.0%Language:SuperCollider 0.0%Language:AngelScript 0.0%Language:LLVM 0.0%Language:Lua 0.0%Language:SAS 0.0%Language:CLIPS 0.0%Language:Awk 0.0%Language:Module Management System 0.0%Language:Inno Setup 0.0%Language:Mathematica 0.0%Language:RenderScript 0.0%Language:Go 0.0%Language:Rust 0.0%Language:Elixir 0.0%Language:QMake 0.0%Language:ActionScript 0.0%Language:YARA 0.0%Language:GDB 0.0%

SZU-SE / MemLock_Benchmark

MemLock_Benchmark

1. cxxfilt 2.31

2. nm 2.31

3. NASM 2.14.03rc1

4. mjs 1.20.1

5. Flex 2.6.4

6. Yaml-cpp 0.6.2

7. Yara 3.5.0

8. Libsass 3.5.4

9. Libming 0.4.8

10. jasper 2.0.14

11. Libming 0.4.8

12. zziplib v0.13.68

13. Bento4 1.5.1-627

14. readelf 2.28

15. exiv2 0.26

16. openjpeg 2.3.0

17. podofo 0.9.5

About

Languages