I went on with some tests (similarly to #604), and I discovered 9 different vulnerabilities overall. You can reproduce them by compiling with ASan enabled. Here I attach a summary of the stack traces and the crashing inputs. If possible, I would like to request at least some CVEs, which I need for a paper.
faust.tar.gz

Error type : ABRT on unknown address 0x03e800005fdc (pc 0x7fe0e39a9fb7 bp 0x00000164dc40 sp 0x7fe0e0e13980 T2)
Error location : 0xba3110 in std::vector<CTree*, std::allocator<CTree*> >::vector(unsigned long, std::allocator<CTree*> const&) (/home/mantovan/Repositories/faust/build/bin/faust+0xba3110)
Testcase path : /home/mantovan/Desktop/ddg/crashes/faust_minimized/id:000002,sig:06,src:003121,time:38575853,op:havoc,rep:8
Testcase size : 82

Error type : SEGV on unknown address 0x000000000000 (pc 0x000000ba949a bp 0x7fff81d29190 sp 0x7fff81d290a0 T0)
Error location : 0xba949a in ppsig::printui(std::ostream&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, CTree*) const (/home/mantovan/Repositories/faust/build/bin/faust+0xba949a)
Testcase path : /home/mantovan/Desktop/ddg/crashes/faust_minimized/id:000005,sig:11,src:003113,time:47935038,op:havoc,rep:4
Testcase size : 96

Error type : SEGV on unknown address 0x000000000000 (pc 0x000000aec116 bp 0x7ffc874170b0 sp 0x7ffc87416d80 T0)
Error location : 0xaec116 in CosPrim::computeSigOutput(std::vector<CTree*, std::allocator<CTree*> > const&) (/home/mantovan/Repositories/faust/build/bin/faust+0xaec116)
Testcase path : /home/mantovan/Desktop/ddg/crashes/faust_minimized/id:000004,sig:11,src:003297,time:52573577,op:havoc,rep:4
Testcase size : 173

Error type : ABRT on unknown address 0x03e800005fe8 (pc 0x7fc3930ecfb7 bp 0x00000164dc40 sp 0x7fc39055aa10 T2)
Error location : 0xb96f94 in makeSigInputList(int) (/home/mantovan/Repositories/faust/build/bin/faust+0xb96f94)
Testcase path : /home/mantovan/Desktop/ddg/crashes/faust_minimized/id:000000,sig:06,src:000258,time:3316340,op:havoc,rep:4
Testcase size : 101

Error type : stack-overflow on address 0x7ffec7cfdf48 (pc 0x00000068d535 bp 0x7ffec7cfe7b0 sp 0x7ffec7cfdf50 T0)
Error location : 0x68d535 in __interceptor_strcmp (/home/mantovan/Repositories/faust/build/bin/faust+0x68d535)
Testcase path : /home/mantovan/Desktop/ddg/crashes/faust_minimized/id:000009,sig:11,src:003178,time:49195617,op:havoc,rep:2
Testcase size : 89

Error type : heap-buffer-overflow on address 0x602000006cb8 at pc 0x000000b9f8f9 bp 0x7fe0576fac70 sp 0x7fe0576fac68
Error location : 0xb9f8f8 in realPropagate(CTree*, CTree*, CTree*, std::vector<CTree*, std::allocator<CTree*> > const&) propagate.cpp
Testcase path : /home/mantovan/Desktop/ddg/crashes/faust_minimized/id:000002,sig:06,src:002492,time:32050018,op:havoc,rep:2
Testcase size : 74

Error type : SEGV on unknown address 0x000000000008 (pc 0x0000009f040a bp 0x7fff5c0e40d0 sp 0x7fff5c0e3cc0 T0)
Error location : 0x9f040a in InstructionsCompiler::generateSoundfile(CTree*, CTree*) (/home/mantovan/Repositories/faust/build/bin/faust+0x9f040a)
Testcase path : /home/mantovan/Desktop/ddg/crashes/faust_minimized/id:000004,sig:11,src:002435,time:21585675,op:havoc,rep:2
Testcase size : 164

Error type : SEGV on unknown address 0x000000000008 (pc 0x0000009ed6b6 bp 0x7ffd6c0d18e0 sp 0x7ffd6c0d16e0 T0)
Error location : 0x9ed6b6 in InstructionsCompiler::generateSliderAux(CTree*, CTree*, CTree*, CTree*, CTree*, CTree*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (/home/mantovan/Repositories/faust/build/bin/faust+0x9ed6b6)
Testcase path : /home/mantovan/Desktop/ddg/crashes/faust_minimized/id:000002,sig:11,src:001731,time:23397762,op:havoc,rep:4
Testcase size : 108

Error type : SEGV on unknown address 0x000000000000 (pc 0x000000ba9356 bp 0x7fffc971a9d0 sp 0x7fffc971a8e0 T0)
Error location : 0xba9356 in ppsig::printui(std::ostream&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, CTree*) const (/home/mantovan/Repositories/faust/build/bin/faust+0xba9356)
Testcase path : /home/mantovan/Desktop/ddg/crashes/faust_minimized/id:000000,sig:11,src:003113,time:47868291,op:havoc,rep:4
Testcase size : 96
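
For maintainers triaging a report in this four-line format, the following added example (not part of the original issue or of the Faust code base) parses the records and groups testcase ids by crash kind and crashing function, so records that share a function, such as the two `ppsig::printui` entries, land in one bucket for review. The function names `parse_records`, `summarize` and `bucket` are hypothetical, the sample is constructed from three records above with signatures and paths abridged, and treating a SEGV inside the first page as a null dereference is a heuristic assumption.

```python
import re
from collections import defaultdict

# Constructed sample: three records from the report above, with signatures
# and paths abridged to keep the lines short.
SAMPLE = """\
Error type : SEGV on unknown address 0x000000000000 (pc 0x000000ba949a bp 0x7fff81d29190 sp 0x7fff81d290a0 T0)
Error location : 0xba949a in ppsig::printui(std::ostream&, CTree*) const (/build/bin/faust+0xba949a)
Testcase path : /crashes/id:000005,sig:11,src:003113,time:47935038,op:havoc,rep:4
Testcase size : 96
Error type : heap-buffer-overflow on address 0x602000006cb8 at pc 0x000000b9f8f9 bp 0x7fe0576fac70 sp 0x7fe0576fac68
Error location : 0xb9f8f8 in realPropagate(CTree*, CTree*) propagate.cpp
Testcase path : /crashes/id:000002,sig:06,src:002492,time:32050018,op:havoc,rep:2
Testcase size : 74
Error type : SEGV on unknown address 0x000000000000 (pc 0x000000ba9356 bp 0x7fffc971a9d0 sp 0x7fffc971a8e0 T0)
Error location : 0xba9356 in ppsig::printui(std::ostream&, CTree*) const (/build/bin/faust+0xba9356)
Testcase path : /crashes/id:000000,sig:11,src:003113,time:47868291,op:havoc,rep:4
Testcase size : 96
"""

def parse_records(text):
    """Split the 'Key : value' lines into one dict per crash record."""
    records = []
    for line in text.splitlines():
        key, sep, value = (part.strip() for part in line.partition(" : "))
        if sep and key == "Error type":      # each record opens with this key
            records.append({})
        if sep and records:
            records[-1][key] = value
    return records

def summarize(rec):
    """Reduce a record to (kind, function, near_null, afl_fields)."""
    kind = rec["Error type"].split(" on ")[0]
    addr = int(re.search(r"address (0x[0-9a-fA-F]+)", rec["Error type"]).group(1), 16)
    func = rec["Error location"].split(" in ", 1)[1].split("(")[0].strip()
    name = rec["Testcase path"].rsplit("/", 1)[-1]
    afl = dict(f.split(":", 1) for f in name.split(","))  # id, sig, src, ...
    # Heuristic: a SEGV inside the first page is treated as a null dereference.
    return kind, func, kind == "SEGV" and addr < 0x1000, afl

def bucket(text):
    """Group testcase ids by (kind, crashing function, near_null) for triage."""
    buckets = defaultdict(list)
    for rec in parse_records(text):
        kind, func, near_null, afl = summarize(rec)
        buckets[(kind, func, near_null)].append(afl["id"])
    return dict(buckets)
```
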