Memory corruptions in Faust compiler #653

elManto opened this issue Sep 24, 2021 · 1 comment

elManto commented Sep 24, 2021

I went on with some tests (similarly to #604), and I discovered 9 different vulnerabilities overall. You can reproduce them by compiling with ASan enabled. Here I attach a resume of the stack traces and the crashing inputs. If it is possible, I would like to request at least some CVEs that I need for a paper.
faust.tar.gz

Error type : ABRT on unknown address 0x03e800005fdc (pc 0x7fe0e39a9fb7 bp 0x00000164dc40 sp 0x7fe0e0e13980 T2)
Error location : 0xba3110 in std::vector<CTree*, std::allocator<CTree*> >::vector(unsigned long, std::allocator<CTree*> const&) (/home/mantovan/Repositories/faust/build/bin/faust+0xba3110)
Testcase path : /home/mantovan/Desktop/ddg/crashes/faust_minimized/id:000002,sig:06,src:003121,time:38575853,op:havoc,rep:8
Testcase size : 82

Error type : SEGV on unknown address 0x000000000000 (pc 0x000000ba949a bp 0x7fff81d29190 sp 0x7fff81d290a0 T0)
Error location : 0xba949a in ppsig::printui(std::ostream&, std::__cxx11::basic_string<char, std::char_traits, std::allocator > const&, CTree*) const (/home/mantovan/Repositories/faust/build/bin/faust+0xba949a)
Testcase path : /home/mantovan/Desktop/ddg/crashes/faust_minimized/id:000005,sig:11,src:003113,time:47935038,op:havoc,rep:4
Testcase size : 96

Error type : SEGV on unknown address 0x000000000000 (pc 0x000000aec116 bp 0x7ffc874170b0 sp 0x7ffc87416d80 T0)
Error location : 0xaec116 in CosPrim::computeSigOutput(std::vector<CTree*, std::allocator<CTree*> > const&) (/home/mantovan/Repositories/faust/build/bin/faust+0xaec116)
Testcase path : /home/mantovan/Desktop/ddg/crashes/faust_minimized/id:000004,sig:11,src:003297,time:52573577,op:havoc,rep:4
Testcase size : 173

Error type : ABRT on unknown address 0x03e800005fe8 (pc 0x7fc3930ecfb7 bp 0x00000164dc40 sp 0x7fc39055aa10 T2)
Error location : 0xb96f94 in makeSigInputList(int) (/home/mantovan/Repositories/faust/build/bin/faust+0xb96f94)
Testcase path : /home/mantovan/Desktop/ddg/crashes/faust_minimized/id:000000,sig:06,src:000258,time:3316340,op:havoc,rep:4
Testcase size : 101

Error type : stack-overflow on address 0x7ffec7cfdf48 (pc 0x00000068d535 bp 0x7ffec7cfe7b0 sp 0x7ffec7cfdf50 T0)
Error location : 0x68d535 in __interceptor_strcmp (/home/mantovan/Repositories/faust/build/bin/faust+0x68d535)
Testcase path : /home/mantovan/Desktop/ddg/crashes/faust_minimized/id:000009,sig:11,src:003178,time:49195617,op:havoc,rep:2
Testcase size : 89

Error type : heap-buffer-overflow on address 0x602000006cb8 at pc 0x000000b9f8f9 bp 0x7fe0576fac70 sp 0x7fe0576fac68
Error location : 0xb9f8f8 in realPropagate(CTree*, CTree*, CTree*, std::vector<CTree*, std::allocator<CTree*> > const&) propagate.cpp
Testcase path : /home/mantovan/Desktop/ddg/crashes/faust_minimized/id:000002,sig:06,src:002492,time:32050018,op:havoc,rep:2
Testcase size : 74

Error type : SEGV on unknown address 0x000000000008 (pc 0x0000009f040a bp 0x7fff5c0e40d0 sp 0x7fff5c0e3cc0 T0)
Error location : 0x9f040a in InstructionsCompiler::generateSoundfile(CTree*, CTree*) (/home/mantovan/Repositories/faust/build/bin/faust+0x9f040a)
Testcase path : /home/mantovan/Desktop/ddg/crashes/faust_minimized/id:000004,sig:11,src:002435,time:21585675,op:havoc,rep:2
Testcase size : 164

Error type : SEGV on unknown address 0x000000000008 (pc 0x0000009ed6b6 bp 0x7ffd6c0d18e0 sp 0x7ffd6c0d16e0 T0)
Error location : 0x9ed6b6 in InstructionsCompiler::generateSliderAux(CTree*, CTree*, CTree*, CTree*, CTree*, CTree*, std::__cxx11::basic_string<char, std::char_traits, std::allocator > const&) (/home/mantovan/Repositories/faust/build/bin/faust+0x9ed6b6)
Testcase path : /home/mantovan/Desktop/ddg/crashes/faust_minimized/id:000002,sig:11,src:001731,time:23397762,op:havoc,rep:4
Testcase size : 108

Error type : SEGV on unknown address 0x000000000000 (pc 0x000000ba9356 bp 0x7fffc971a9d0 sp 0x7fffc971a8e0 T0)
Error location : 0xba9356 in ppsig::printui(std::ostream&, std::__cxx11::basic_string<char, std::char_traits, std::allocator > const&, CTree*) const (/home/mantovan/Repositories/faust/build/bin/faust+0xba9356)
Testcase path : /home/mantovan/Desktop/ddg/crashes/faust_minimized/id:000000,sig:11,src:003113,time:47868291,op:havoc,rep:4
Testcase size : 96

elManto commented Mar 23, 2022

CVE-2021-41736 and CVE-2021-41737 have been assigned.
