Giters

SZU-SE / Uncontrolled-allocation-Fuzzer-TestSuite

[ICSE2020] MemLock DataSet

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

fuzzing

Uncontrolled-memory-allocation-Fuzzer-TestSuite

Uncontrolled-memory-allocation testsuite used for fuzzing experiment

Seeds and POCs are in the folder

If you Cannot reproduce the bug, try to reduce the memory limit. For example:

  • ulimit -a to see the information of memory limit.
  • sudo ulimit -s 8192 or sudo ulimit -s 4096 to reduce the stack size.
  • sudo ulimit -m 36700160 to reduce the memory size.

The detail information of the benchmark can be seen as follow.

1. jasper 2.0.14

  • Bug type: uncontrolled-memory-allocation, memory leak
  • CVE ID:
  • Download: 
    git clone https://github.com/mdadams/jasper
git checkout 1a36ca39da535af2e67848f5f43ffd657746e632
  • Reproduce: jasper --input @@ --output test.bmp --output-format bmp

2. Libming 0.4.8

  • Bug type: uncontrolled-memory-allocation, memory leak
  • CVE ID:
  • Download: 
    git clone https://github.com/libming/libming
git checkout b72cc2fda0e8b3792b7b3f7361fc3f917f269433
  • Reproduce: listswf @@

3. zziplib v0.13.68

  • Bug type: uncontrolled-memory-allocation, memory leak
  • CVE ID:
    • CVE-2018-6869
    • the meory leak is very easy to find in CVE website, lots of memory leak
  • Download: 
    git clone https://github.com/gdraheim/zziplib
git checkout bf4584fb06d5f9c5813616dbadc0129024c9c0f9
  • Reproduce: zzdir @@ || unzzip @@

4. Bento4 1.5.1-627

  • Bug type: uncontrolled-memory-allocation, memory leak
  • CVE ID:
  • Download: 
    git clone https://github.com/axiomatic-systems/Bento4
git checkout 590312125c833bc496faf815c583cfd053509d2c
  • Reproduce: mp42hls @@

5. readelf 2.28

6. exiv2 0.26

  • Bug type: uncontrolled-memory-allocation
  • CVE ID:
  • Download: 
     git clone https://github.com/Exiv2/exiv2
 git checkout fa449a4d2c58d63f0d75ff259f25683a98a44630
  • Reproduce: exiv2 -pX @@

7. openjpeg 2.3.0

  • Bug type: uncontrolled-memory-allocation
  • CVE ID:
  • Download: 
     git clone https://github.com/uclouvain/openjpeg
 git checkout 51f097e6d5754ddae93e716276fe8176b44ec548
  • Reproduce: opj_decompress -i @@ -o ./tmp.png

8. podofo 0.9.5

About

[ICSE2020] MemLock DataSet

fuzzing

Languages

Language:C 38.8%Language:Makefile 15.4%Language:D 12.7%Language:Assembly 12.2%Language:C++ 10.4%Language:Objective-C 3.6%Language:Scheme 1.2%Language:Shell 1.0%Language:Roff 0.9%Language:M4 0.4%Language:JavaScript 0.4%Language:Python 0.4%Language:R 0.3%Language:HTML 0.3%Language:Scala 0.3%Language:Yacc 0.3%Language:Lex 0.2%Language:Perl 0.2%Language:CMake 0.2%Language:TeX 0.2%Language:Java 0.1%Language:Ada 0.0%Language:XS 0.0%Language:Pascal 0.0%Language:Raku 0.0%Language:DIGITAL Command Language 0.0%Language:C# 0.0%Language:Batchfile 0.0%Language:PHP 0.0%Language:GAP 0.0%Language:SWIG 0.0%Language:Tcl 0.0%Language:GDScript 0.0%Language:xBase 0.0%Language:CWeb 0.0%Language:DTrace 0.0%Language:PicoLisp 0.0%Language:CSS 0.0%Language:Ruby 0.0%Language:XSLT 0.0%Language:MATLAB 0.0%Language:AngelScript 0.0%Language:Lua 0.0%Language:sed 0.0%Language:Emacs Lisp 0.0%Language:CLIPS 0.0%Language:SuperCollider 0.0%Language:Common Lisp 0.0%Language:Rebol 0.0%Language:E 0.0%Language:Terra 0.0%Language:Inno Setup 0.0%Language:SAS 0.0%Language:Module Management System 0.0%Language:Awk 0.0%Language:Mathematica 0.0%Language:QMake 0.0%Language:RenderScript 0.0%Language:Rust 0.0%Language:Elixir 0.0%Language:ActionScript 0.0%Language:GDB 0.0%