Skip to content

Latest commit

 

History

History

CVE-2016-9806

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
.gitignore
.gitignore
 
 
2016-9806.cpp
2016-9806.cpp
 
 
README.md
README.md
 
 
build.sh
build.sh
 
 
cleanDIR.sh
cleanDIR.sh
 
 

README.md

Test

Please try to perform following command:

# setup the environment variables in the root directory of the tool
$ source tool/init_env.sh

# compile the program and get bit code
$ cd $ROOT_DIR/evaluation/ConVul-CVE-Benchmarks/CVE-2016-9806
$ ./cleanDIR.sh
$ clang -g -emit-llvm -c ./2016-9806.cpp -o 2016-9806.bc

# perform static analysis
$ $ROOT_DIR/tool/staticAnalysis/staticAnalysis.sh 2016-9806

# complie the instrumented program with ASAN
$ export Con_PATH=$ROOT_DIR/evaluation/ConVul-CVE-Benchmarks/CVE-2016-9806/ConConfig.2016-9806
$ $ROOT_DIR/tool/staticAnalysis/DBDS-INSTRU/dbds-clang-fast++ -g -fsanitize=address ./2016-9806.cpp -o 2016-9806 -lpthread -ldl

# perform DBDS
$ $ROOT_DIR/tool/DBDS/run_PDS.py -d 3 ./2016-9806

Then you will get the results.

Start Testing!
test 0001
test 0002
...

The ASAN output:

=================================================================
==43809==ERROR: AddressSanitizer: attempting double-free on 0x606000000020 in thread T1:
    #0 0x49478d  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-9806/2016-9806+0x49478d)
    #1 0x4c9053  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-9806/2016-9806+0x4c9053)
    #2 0x7fe5171ae6b9  (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
    #3 0x7fe5162374dc  (/lib/x86_64-linux-gnu/libc.so.6+0x1074dc)

0x606000000020 is located 0 bytes inside of 64-byte region [0x606000000020,0x606000000060)
freed by thread T2 here:
    #0 0x49478d  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-9806/2016-9806+0x49478d)
    #1 0x4c9053  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-9806/2016-9806+0x4c9053)

previously allocated by thread T2 here:
    #0 0x494a0d  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-9806/2016-9806+0x494a0d)
    #1 0x4c8fd7  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-9806/2016-9806+0x4c8fd7)

Thread T1 created by T0 here:
    #0 0x47f19a  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-9806/2016-9806+0x47f19a)
    #1 0x4c919e  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-9806/2016-9806+0x4c919e)
    #2 0x7fe51615083f  (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)

Thread T2 created by T0 here:
    #0 0x47f19a  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-9806/2016-9806+0x47f19a)
    #1 0x4c91c9  (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-9806/2016-9806+0x4c91c9)
    #2 0x7fe51615083f  (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)

SUMMARY: AddressSanitizer: double-free (/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-9806/2016-9806+0x49478d)
==43809==ABORTING

Use addr2line -e ./2016-9806 0x4c9053 to see the debug info

/ConcurrencyFuzzer/evaluation/ConVul-CVE-Benchmarks/CVE-2016-9806/./2016-9806.c:77