BinaryAnalysisPlatform / bap-toolkit

A collection of ready to use binary analysis tools
MIT License

heap-overflow mips-linux-gnu UNIX-SystemV false-negative #5

Closed morgan-etheredge closed 3 years ago

morgan-etheredge commented 4 years ago
  1. What incidents are expected to be reported, in case of a false negative, or what incidents are reported but are not expected? What are the presumed locations of the weaknesses in the binary?

     See the attached file test_artifacts/CWE122_s05_flaws_expected.csv. The README in this same directory provides information on how to read this file.

  2. Upload the binary if possible.

     See the attached file test_artifacts/CWE122_s05_flaws.

  3. Upload all files generated by the check, i.e., log files, incidents, stdout, stderr, etc. (some may be missing depending on the tool)

     See the outputs provided in the bap_outputs directory.

Additional Information

  1. The output of the following commands:

     See attached in bap_outputs/bap_command_outputs.png.

  2. The set of symbols that bap detects in the binary

     See the attached file in bap_outputs/binary.symbols.

=================

Important Notes: This is just a specific example of an instance where the toolkit did not find any incidents for a given binary for the heap-overflow recipe. However, it appears that BAP does not find anything in the other recipes as well when using a MIPS or MIPS64 binary.

The problem has been found in both MIPS and MIPS64 binaries.

The command used to run was bap CWE122_s05_flaws --recipe=heap-overflow.

mips64_unstripped_run_data.zip

ivg commented 4 years ago

We indeed had problems with symbolizing mips binaries, but we will soon push a big new update that offers a much better symbolization for all supported architectures. The main culprit with this binary is that neither malloc nor calls to malloc are detected. The good news is that in my branch, we have them. But let's keep it open until it is merged and until we have at least some results for this test.
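To make the failure mode above concrete, here is an added toy model (not BAP's code and not part of this thread) of a heap-overflow check that only tracks chunks returned by call sites symbolized as an allocator: the same trace produces an incident when the call resolves to malloc and nothing at all when symbolization fails, so an empty report should be read together with a count of resolved allocator calls. The event types, checker and sample trace are all constructed here.

```python
from dataclasses import dataclass
from typing import List, Optional, Union


@dataclass
class Call:
    site: int               # address of the call instruction
    target: Optional[str]   # resolved symbol, or None when symbolization failed
    size: int               # requested allocation size
    ret: int                # pointer returned by the callee


@dataclass
class Store:
    addr: int
    width: int


Event = Union[Call, Store]


def find_heap_overflows(trace: List[Event], allocators=("malloc",)) -> List[int]:
    """Flag stores that run past the end of a chunk whose allocation site was
    resolved to a known allocator. Calls with an unresolved target never create
    a chunk, so an unsymbolized malloc can never lead to an incident."""
    chunks = {}      # base address -> size of tracked heap chunks
    incidents = []
    for ev in trace:
        if isinstance(ev, Call) and ev.target in allocators:
            chunks[ev.ret] = ev.size
        elif isinstance(ev, Store):
            for base, size in chunks.items():
                if base <= ev.addr and ev.addr + ev.width > base + size:
                    incidents.append(ev.addr)
    return incidents


def resolved_allocator_calls(trace: List[Event], allocators=("malloc",)) -> int:
    """Triage value to check before trusting an empty report: how many call
    sites did symbolization actually resolve to an allocator?"""
    return sum(1 for ev in trace if isinstance(ev, Call) and ev.target in allocators)


def sample_trace(symbolized: bool) -> List[Event]:
    # Constructed trace: a 16-byte chunk at 0x10000, then a 4-byte store at
    # offset 14, which writes two bytes past the end of the chunk.
    target = "malloc" if symbolized else None
    return [Call(site=0x400100, target=target, size=16, ret=0x10000),
            Store(addr=0x1000E, width=4)]


if __name__ == "__main__":
    for symbolized in (True, False):
        print(symbolized, find_heap_overflows(sample_trace(symbolized)),
              resolved_allocator_calls(sample_trace(symbolized)))
```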

ivg commented 3 years ago

Fixed a few months ago by https://github.com/BinaryAnalysisPlatform/bap/pull/1209