Stack-overflow testsuite used for fuzzing experiment
Seeds and POCs are in the folder
If you Cannot reproduce the bug, try to reduce the memory limit. For example:
ulimit -ato see the information of memory limit.sudo ulimit -s 8192orsudo ulimit -s 4096to reduce the stack size.sudo ulimit -m 36700160to reduce the memory size.
The detail information of the benchmark can be seen as follow.
1. cxxfilt 2.31
- Bug type: stack-overflow
- CVE ID:
- Download:
- Reproduce:
c++filt -t < @@
2. nm 2.31
-
Bug type: stack-overflow
-
CVE ID:
-
Download:
-
Reproduce:
nm -C @@
- Bug type: stack-overflow
- CVE ID:
- Download:
git clone git://repo.or.cz/nasm.git git checkout 81f98fe79be23174e2d6ddd9f17a5cfb9ca71ec7 - Reproduce:
nasm -f bin @@ -o ./tmp
4. mjs 1.20.1
- Bug type: stack-overflow
- CVE ID:
- Download:
git clone https://github.com/cesanta/mjs.git git checkout 2827bd00b59bdc176a010b22fc4acde9b580d6c2 - install:
clang mjs.c -DMJS_MAIN -fsanitize=address -g -o mjs.out -ldl - Reproduce:
mjs.out @@ - ASAN dumps the backtrace:
5. Flex 2.6.4
- Bug type: stack-overflow
- CVE ID:
- Download:
git clone https://github.com/westes/flex git checkout 98018e3f58d79e082216d406866942841d4bdf8a - Reproduce:
flex @@
- Bug type: stack-overflow
- CVE ID:
- Download:
git clone https://github.com/jbeder/yaml-cpp git checkout 562aefc114938e388457e6a531ed7b54d9dc1b62 - Reproduce:
parse @@
7. Yara 3.5.0
- Bug type: stack-overflow
- CVE ID:
- Download:
git clone https://github.com/VirusTotal/yara git checkout 012269756149ae99745b6dafefd415843d7420bb - Reproduce:
yara @@ strings
- Bug type: stack-overflow
- CVE ID:
- Download:
git clone https://github.com/sass/libsass git checkout 45f50873962b7d1c66bd115ba6e644bdaaf6cac1 - Reproduce:
tester @@
- Bug type: stack-overflow
- CVE ID:
- Download:
git clone https://github.com/libming/libming git checkout b72cc2fda0e8b3792b7b3f7361fc3f917f269433 - Reproduce:
listswf @@
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent