Please try running the following commands:
# set up the environment variables in the root directory of the tool
$ source tool/init_env.sh
# compile the program and get bit code
$ cd $ROOT_DIR/evaluation/ConVul-CVE-Benchmarks/CVE-2015-7550
$ ./cleanDIR.sh
$ clang++ -g -emit-llvm -c ./2015-7550.cpp -o 2015-7550.bc
# perform static analysis
$ $ROOT_DIR/tool/staticAnalysis/staticAnalysis.sh 2015-7550
# compile the instrumented program with ASAN
$ export Con_PATH=$ROOT_DIR/evaluation/ConVul-CVE-Benchmarks/CVE-2015-7550/ConConfig.2015-7550
$ $ROOT_DIR/tool/staticAnalysis/DBDS-INSTRU/dbds-clang-fast++ -g -fsanitize=address ./2015-7550.cpp -o 2015-7550 -lpthread -ldl
# perform DBDS
$ $ROOT_DIR/tool/DBDS/run_PDS.py -d 2 ./2015-7550
Then you will get the results.
Start Testing!
test 0001
test 0002
...
The ASAN output:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==4372==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004c5f43 bp 0x7fc9839fee10 sp 0x7fc9839fede0 T1)
==4372==The signal is caused by a READ memory access.
==4372==Hint: address points to the zero page.
#0 0x4c5f43 in keyring_read(key const*) /ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2015-7550/./2015-7550.cpp:49:30
#1 0x4c5ebc in keyctl_read_key(key*) /ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2015-7550/./2015-7550.cpp:62:15
#2 0x4c60be in thread2(void*) /ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2015-7550/./2015-7550.cpp:95:5
#3 0x7fc98803b6da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
#4 0x7fc98701988e in clone (/lib/x86_64-linux-gnu/libc.so.6+0x12188e)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2015-7550/./2015-7550.cpp:49:30 in keyring_read(key const*)
Thread T1 created by T0 here:
#0 0x47eaea in pthread_create /home/brian/src/final/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:214:3
#1 0x4c62fc in main /ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2015-7550/./2015-7550.cpp:119:5
#2 0x7fc986f19b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
==4372==ABORTING
Use addr2line -e ./2015-7550 0x4c9193
to see the debug info
/workdir/ConFuzz/evaluation/ConVul-CVE-Benchmarks/CVE-2009-3547/./2009-3547.cpp:49
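When several test runs each end in an ASAN report, it helps to group them by crashing stack rather than by raw addresses. The following is an added example, not part of the tool or of the original page: it parses a SEGV report like the one above and derives an address-independent signature. The names parse_asan and crash_signature are hypothetical, and the sample input is constructed from lines of the report shown above.

```python
import os
import re

# Constructed sample: lines copied from the ASAN report above (crash stack
# plus the start of the thread-creation stack, which must be ignored).
SAMPLE = """\
==4372==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004c5f43 bp 0x7fc9839fee10 sp 0x7fc9839fede0 T1)
==4372==The signal is caused by a READ memory access.
#0 0x4c5f43 in keyring_read(key const*) /ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2015-7550/./2015-7550.cpp:49:30
#1 0x4c5ebc in keyctl_read_key(key*) /ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2015-7550/./2015-7550.cpp:62:15
#2 0x4c60be in thread2(void*) /ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2015-7550/./2015-7550.cpp:95:5
#3 0x7fc98803b6da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
AddressSanitizer can not provide additional info.
Thread T1 created by T0 here:
#0 0x47eaea in pthread_create /home/brian/src/final/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:214:3
"""

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (\S+) on unknown address (0x[0-9a-f]+) .* (T\d+)\)")
ACCESS_RE = re.compile(r"caused by a (READ|WRITE) memory access")
FRAME_RE = re.compile(r"#\d+ 0x[0-9a-f]+ in (.+?) (\S+)$")
SRC_RE = re.compile(r"(.+):(\d+):\d+$")

def parse_asan(report):
    """Return crash kind, address, thread, access type and the crashing stack."""
    info = {"kind": None, "addr": None, "thread": None, "access": None, "frames": []}
    in_stack = False
    for line in map(str.strip, report.splitlines()):
        if m := ERROR_RE.search(line):
            info.update(kind=m[1], addr=int(m[2], 16), thread=m[3])
            in_stack = True
        elif m := ACCESS_RE.search(line):
            info["access"] = m[1]
        elif in_stack and (m := FRAME_RE.match(line)):
            src = SRC_RE.match(m[2])  # None for frames without debug info
            info["frames"].append({"func": m[1],
                                   "file": src[1] if src else None,
                                   "line": int(src[2]) if src else None})
        elif in_stack and info["frames"]:
            in_stack = False  # first non-frame line ends the crashing stack
    return info

def crash_signature(info, depth=3):
    """Address-independent key for grouping crashes found under different schedules."""
    src = [f for f in info["frames"] if f["line"] is not None][:depth]
    return (info["kind"], info["access"],
            tuple(f"{f['func']}@{os.path.basename(f['file'])}:{f['line']}" for f in src))

if __name__ == "__main__":
    print(crash_signature(parse_asan(SAMPLE)))
```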