Closed rshariffdeen closed 1 year ago
Even if I remove all of the preprocessing code from setup.sh, this scenario will fail to build under normal conditions:
```bash
#!/bin/bash
# Derive benchmark/project/bug names from the script's own location
# (expected layout: .../<benchmark>/<project>/<bug_id>/setup.sh).
script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
benchmark_name=$(echo "$script_dir" | rev | cut -d "/" -f 3 | rev)
project_name=$(echo "$script_dir" | rev | cut -d "/" -f 2 | rev)
bug_id=$(echo "$script_dir" | rev | cut -d "/" -f 1 | rev)
dir_name=/data/$benchmark_name/$project_name/$bug_id
current_dir=$PWD
mkdir -p "$dir_name"
cd "$dir_name"
mkdir dev-patch

project_url=https://github.com/vadz/libtiff.git
fix_commit_id=c7153361a4041260719b340f73f2f76b0969235c
bug_commit_id=891b1b9

# Clone the project, check out the buggy revision and keep the developer
# fix as a patch for later comparison.
cd "$dir_name"
git clone "$project_url" src
cd src   # the issue text reads "cd sr", which cannot succeed; "src" is the clone target above
git checkout "$bug_commit_id"
git format-patch -1 "$fix_commit_id"
cp *.patch "$dir_name/dev-patch/fix.patch"
./autogen.sh

cd "$dir_name/src"
git config user.email "you@example.com"
git config user.name "Your Name"
# Replace fabs with a proxy function that the repair toolchain can handle.
sed -i 's/fabs/fabs_crepair/g' libtiff/tif_luv.c
sed -i 's/fabs/fabs_crepair/g' tools/tiff2ps.c
git add libtiff/tif_luv.c tools/tiff2ps.c
git commit -m 'replace fabs with proxy function'
# Remove longjmp calls by deleting fixed line numbers. Each sed run renumbers
# the file, so the addresses in the later runs refer to the already shortened
# file, and a stale number deletes whichever line now sits there rather than
# the intended call.
sed -i '118d;221d' libtiff/tif_jpeg.c
sed -i '153d;2430d' libtiff/tif_ojpeg.c
sed -i '2461d' libtiff/tif_ojpeg.c
sed -i '127d' libtiff/tif_ojpeg.c
git add libtiff/tif_ojpeg.c libtiff/tif_jpeg.c
git commit -m 'remove longjmp calls'

# see #62
# find tools -name "*.c" | xargs -n1 sed -i 's@"tif_config.h"@"../libtiff/tif_config.h"@g'
# find tools -name "*.c" | xargs -n1 sed -i 's@"tiffio.h"@"../libtiff/tiffio.h"@g'
# find tools -name "*.h" | xargs -n1 sed -i 's@"tif_config.h"@"../libtiff/tif_config.h"@g'
# sed -i 's@"tiffio.h"@"./tiffio.h"@g' libtiff/tiffio.h   # line was garbled in the issue text; reconstructed from its neighbours
# sed -i 's@"tiffvers.h"@"./tiffvers.h"@g' libtiff/tiffio.h
# sed -i 's@"tiffio.h"@"./tiffio.h"@g' libtiff/tiffiop.h
# git add libtiff/*.h tools/*.c tools/*.h
# git commit -m "resolve ambiguity in includes"

./configure --enable-static --disable-shared

# Preprocessing step (disabled): expand includes and strip directives so the
# repair toolchain sees single-file translation units.
# clang -I . -E libtiff/tif_read.c > libtiff/tif_read.c.pre
# clang -I . -E libtiff/tif_jpeg.c > libtiff/tif_jpeg.c.pre
# clang -I . -I ./libtiff -E tools/tiffcrop.c > tools/tiffcrop.c.pre
# grep -v '^ *#' tools/tiffcrop.c.pre > tools/tiffcrop.c
# grep -v '^ *#' libtiff/tif_read.c.pre > libtiff/tif_read.c
# grep -v '^ *#' libtiff/tif_jpeg.c.pre > libtiff/tif_jpeg.c
```
@rshariffdeen Can you double check the changes that you made? (To tif_jpeg.c, in particular.)
You should see whether or not you can simply build (without the repair toolchain):
```
cd /data/vulnloc/libtiff/CVE-2016-10094/src
make
...
tif_jpeg.c:223:15: error: use of undeclared identifier 'sp'
TIFFErrorExt(sp->tif->tif_clientdata, "JPEGLib", "%s", buffer); /* display the error message */
^
tif_jpeg.c:225:10: error: use of undeclared identifier 'sp'
LONGJMP(sp->exit_jmpbuf, 1); /* return to libtiff caller */
^
```
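The compile error above is what deleting source lines by fixed number (`sed -i '118d;221d'` in setup.sh) produces once a number is stale. As an added example that is not part of the issue or of the repair toolchain, the bash helper below deletes a line only if it contains the token you expect (`LONGJMP` here) and processes several lines from highest to lowest so that earlier deletions do not shift the remaining addresses; the C fragment it edits is a constructed stand-in modelled on the two lines in the error output, and its line numbers are its own, not tif_jpeg.c's.

```bash
#!/bin/bash
# Added example, not code from the issue or the repair toolchain: delete a
# source line by number only when it contains an expected token, so a stale
# line number fails loudly instead of silently removing the wrong statement
# (e.g. the declaration of 'sp' instead of the LONGJMP call).
set -u

# guarded_delete FILE LINENO PATTERN
# Deletes line LINENO of FILE if it matches PATTERN (basic regex); otherwise
# leaves FILE untouched and returns 1.
guarded_delete() {
    local file="$1" lineno="$2" pattern="$3" content
    content=$(sed -n "${lineno}p" "$file")
    if ! printf '%s\n' "$content" | grep -q -- "$pattern"; then
        printf 'refusing to delete %s:%s (expected /%s/, got: %s)\n' \
            "$file" "$lineno" "$pattern" "$content" >&2
        return 1
    fi
    # Write via a temp file rather than sed -i, whose flags differ between GNU and BSD.
    sed "${lineno}d" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# guarded_delete_many FILE PATTERN LINENO...
# Deletes the given lines from highest to lowest so that each deletion does
# not shift the addresses still to be processed. Stops at the first mismatch.
guarded_delete_many() {
    local file="$1" pattern="$2"; shift 2
    local n
    for n in $(printf '%s\n' "$@" | sort -rn); do
        guarded_delete "$file" "$n" "$pattern" || return 1
    done
}

# Constructed stand-in for a codec error handler (names are illustrative);
# the line numbers are those of this sample, not of libtiff's tif_jpeg.c.
make_sample() {
    cat > "$1" <<'EOF'
static void
JPEGErrorHandler(j_common_ptr cinfo)
{
    JPEGState *sp = (JPEGState *) cinfo;
    char buffer[JMSG_LENGTH_MAX];
    (*cinfo->err->format_message) (cinfo, buffer);
    TIFFErrorExt(sp->tif->tif_clientdata, "JPEGLib", "%s", buffer);
    LONGJMP(sp->exit_jmpbuf, 1);
}
EOF
}
```

With the sample, `guarded_delete file 4 LONGJMP` refuses (line 4 is the `sp` declaration) and leaves the file intact, while `guarded_delete file 8 LONGJMP` removes the call.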
I was able to build this subject previously which also produced plausible patches.