Giter VIP home page Giter VIP logo

fengjixuchui / memlock_benchmark-1 Goto Github PK

View Code? Open in Web Editor NEW

This project forked from szu-se/memlock_benchmark

0.0 0.0 0.0 0 B

Makefile 19.80% Python 0.31% Shell 0.83% CMake 0.09% JavaScript 0.18% HTML 0.15% CSS 0.01% C++ 9.03% C 47.42% Java 0.06% Batchfile 0.01% M4 0.50% Objective-C 4.23% DIGITAL Command Language 0.04% sed 0.01% Perl 0.18% Lex 0.34% Yacc 0.34% Emacs Lisp 0.01% Assembly 16.46%

memlock_benchmark-1's Introduction

MemLock_Benchmark

This Benchmark collect some vulnerabilities related to "excessive memory consumption", which are used in MemLock's experiment.

To trigger these vulnerabilities, the testcase should consume lost of stack memory or heap memory, which can test the ability of fuzzer for generating inputs that consume lost of memory.

The Seeds and POCs are in the folder

If you Cannot reproduce the bug, try to reduce the memory limit. For example:

  • ulimit -a to see the information of memory limit.
  • sudo ulimit -s 8192 or sudo ulimit -s 4096 to reduce the stack size.
  • sudo ulimit -m 36700160 to reduce the memory size.

The detail information of the benchmark can be seen as follow.

1. cxxfilt 2.31

2. nm 2.31

3. NASM 2.14.03rc1

  • Bug type: stack-overflow
  • CVE ID:
  • Download: 
    git clone git://repo.or.cz/nasm.git
git checkout 81f98fe79be23174e2d6ddd9f17a5cfb9ca71ec7
  • Reproduce: nasm -f bin @@ -o ./tmp

4. mjs 1.20.1

  • Bug type: stack-overflow
  • CVE ID:
  • Download: 
    git clone https://github.com/cesanta/mjs
git checkout 2827bd00b59bdc176a010b22fc4acde9b580d6c2
  • install:clang mjs.c -DMJS_MAIN -fsanitize=address -g -o mjs.out -ldl
  • Reproduce: mjs.out @@
  • ASAN dumps the backtrace:

5. Flex 2.6.4

  • Bug type: stack-overflow
  • CVE ID:
  • Download: 
    git clone https://github.com/westes/flex
git checkout 98018e3f58d79e082216d406866942841d4bdf8a
  • Reproduce: flex @@

6. Yaml-cpp 0.6.2

7. Yara 3.5.0

  • Bug type: stack-overflow
  • CVE ID:
  • Download: 
    git clone https://github.com/VirusTotal/yara
git checkout 012269756149ae99745b6dafefd415843d7420bb
  • Reproduce: yara @@ strings

8. Libsass 3.5.4

9. Libming 0.4.8

  • Bug type: stack-overflow
  • CVE ID:
  • Download: 
    git clone https://github.com/libming/libming
git checkout b72cc2fda0e8b3792b7b3f7361fc3f917f269433
  • Reproduce: listswf @@

10. jasper 2.0.14

  • Bug type: uncontrolled-memory-allocation, memory leak
  • CVE ID:
  • Download: 
    git clone https://github.com/mdadams/jasper
git checkout 1a36ca39da535af2e67848f5f43ffd657746e632
  • Reproduce: jasper --input @@ --output test.bmp --output-format bmp

11. Libming 0.4.8

  • Bug type: uncontrolled-memory-allocation, memory leak
  • CVE ID:
  • Download: 
    git clone https://github.com/libming/libming
git checkout b72cc2fda0e8b3792b7b3f7361fc3f917f269433
  • Reproduce: listswf @@

12. zziplib v0.13.68

  • Bug type: uncontrolled-memory-allocation, memory leak
  • CVE ID:
    • CVE-2018-6869
    • the meory leak is very easy to find in CVE website, lots of memory leak
  • Download: 
    git clone https://github.com/gdraheim/zziplib
git checkout bf4584fb06d5f9c5813616dbadc0129024c9c0f9
  • Reproduce: zzdir @@ || unzzip @@

13. Bento4 1.5.1-627

  • Bug type: uncontrolled-memory-allocation, memory leak
  • CVE ID:
  • Download: 
    git clone https://github.com/axiomatic-systems/Bento4
git checkout 590312125c833bc496faf815c583cfd053509d2c
  • Reproduce: mp42hls @@

14. readelf 2.28

15. exiv2 0.26

  • Bug type: uncontrolled-memory-allocation
  • CVE ID:
  • Download: 
     git clone https://github.com/Exiv2/exiv2
 git checkout fa449a4d2c58d63f0d75ff259f25683a98a44630
  • Reproduce: exiv2 -pX @@

16. openjpeg 2.3.0

  • Bug type: uncontrolled-memory-allocation
  • CVE ID:
  • Download: 
     git clone https://github.com/uclouvain/openjpeg
 git checkout 51f097e6d5754ddae93e716276fe8176b44ec548
  • Reproduce: opj_decompress -i @@ -o ./tmp.png

17. podofo 0.9.5

memlock_benchmark-1's People

Contributors

wcventure avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.