libjpeg/CVE-2017-15232

[rshariffdeen]

Linter not able to find statement

[2023-03-30 23:02:09.419] [info] checking location: /data/vulnloc/libjpeg/CVE-2017-15232/src/jutils.c:1633:3
[2023-03-30 23:02:09.421] [warning] statement finder did not encounter an AST for the given file: /data/vulnloc/libjpeg/CVE-2017-15232/src/jquant1.c
[2023-03-30 23:02:09.421] [error] bad fix location [/data/vulnloc/libjpeg/CVE-2017-15232/src/jquant1.c:536:5]: unable to find statement
7 warnings generated.
[2023-03-30 23:02:09.482] [warning] statement finder did not encounter an AST for the given file: /data/vulnloc/libjpeg/CVE-2017-15232/src/jutils.c
[2023-03-30 23:02:09.482] [error] bad fix location [/data/vulnloc/libjpeg/CVE-2017-15232/src/jutils.c:1633:3]: unable to find statement
[2023-03-30 23:02:09.483] [info] checking location: /data/vulnloc/libjpeg/CVE-2017-15232/src/jquant1.c:536:5
[2023-03-30 23:02:09.507] [warning] statement finder did not encounter an AST for the given file: /data/vulnloc/libjpeg/CVE-2017-15232/src/jutils.c
[2023-03-30 23:02:09.507] [error] bad fix location [/data/vulnloc/libjpeg/CVE-2017-15232/src/jutils.c:1633:3]: unable to find statement
[2023-03-30 23:02:09.508] [info] checking location: /data/vulnloc/libjpeg/CVE-2017-15232/src/jquant1.c:536:5
[2023-03-30 23:02:09.533] [warning] statement finder did not encounter an AST for the given file: /data/vulnloc/libjpeg/CVE-2017-15232/src/jutils.c
[2023-03-30 23:02:09.533] [error] bad fix location [/data/vulnloc/libjpeg/CVE-2017-15232/src/jutils.c:1633:3]: unable to find statement
[2023-03-30 23:02:09.534] [info] checking location: /data/vulnloc/libjpeg/CVE-2017-15232/src/jquant1.c:536:5
[2023-03-30 23:02:09.559] [warning] statement finder did not encounter an AST for the given file: /data/vulnloc/libjpeg/CVE-2017-15232/src/jutils.c
[2023-03-30 23:02:09.559] [error] bad fix location [/data/vulnloc/libjpeg/CVE-2017-15232/src/jutils.c:1633:3]: unable to find statement
[2023-03-30 23:02:09.560] [info] checking location: /data/vulnloc/libjpeg/CVE-2017-15232/src/jquant1.c:536:5
[2023-03-30 23:02:09.584] [warning] statement finder did not encounter an AST for the given file: /data/vulnloc/libjpeg/CVE-2017-15232/src/jutils.c
[2023-03-30 23:02:09.584] [error] bad fix location [/data/vulnloc/libjpeg/CVE-2017-15232/src/jutils.c:1633:3]: unable to find statement
[2023-03-30 23:02:09.585] [info] checking location: /data/vulnloc/libjpeg/CVE-2017-15232/src/jquant1.c:536:5
[2023-03-30 23:02:09.609] [warning] statement finder did not encounter an AST for the given file: /data/vulnloc/libjpeg/CVE-2017-15232/src/jutils.c
[2023-03-30 23:02:09.609] [error] bad fix location [/data/vulnloc/libjpeg/CVE-2017-15232/src/jutils.c:1633:3]: unable to find statement
[2023-03-30 23:02:09.610] [info] checking location: /data/vulnloc/libjpeg/CVE-2017-15232/src/jquant1.c:536:5
[2023-03-30 23:02:09.612] [info] writing linter report to disk
[2023-03-30 23:02:09.612] [info] wrote linter report to disk
FAIL: bad fix localization for scenario: /data/vulnloc/libjpeg/CVE-2017-15232
Shutting down...

[ChrisTimperley]

So, I'm not sure that I'm able to reproduce this failure. The scenario runs to completion for me and generates 17 candidate patches, none of which is considered to be plausible.

[rshariffdeen]

I was actually only reporting the linter errors, and yes we don't find a plausible patch. Apparently, we were using the wrong test-case in our configuration. I fixed this in 2a27dc7