Closed rshariffdeen closed 1 year ago
Running CVE-2016-8691 in jasper, the fuzzer-generated inputs are fed to the patched program incorrectly. See the snippet of the logs below.
```
2023-04-26 05:42:01.580 | DEBUG | crashrepair.scenario:evaluate:535 - testing candidate #65 against test #crash...
2023-04-26 05:42:01.581 | DEBUG | crashrepair.shell:__call__:38 - executing: /data/vulnloc/jasper/CVE-2016-8691/src/src/appl/imginfo -f /CrashRepair/experiments/vulnloc/jasper/CVE-2016-8691/tests/1.j2k
2023-04-26 05:42:01.692 | INFO | crashrepair.scenario:evaluate:539 - candidate #65 passes test #crash
2023-04-26 05:42:01.693 | DEBUG | crashrepair.scenario:evaluate:535 - testing candidate #65 against test #fuzzer-input_23...
2023-04-26 05:42:01.693 | DEBUG | crashrepair.shell:__call__:38 - executing: /data/vulnloc/jasper/CVE-2016-8691/src/src/appl/imginfo -f input_23
2023-04-26 05:42:01.702 | INFO | crashrepair.scenario:evaluate:539 - candidate #65 passes test #fuzzer-input_23
2023-04-26 05:42:01.703 | DEBUG | crashrepair.scenario:evaluate:535 - testing candidate #65 against test #fuzzer-input_2...
2023-04-26 05:42:01.703 | DEBUG | crashrepair.shell:__call__:38 - executing: /data/vulnloc/jasper/CVE-2016-8691/src/src/appl/imginfo -f input_2
2023-04-26 05:42:01.712 | INFO | crashrepair.scenario:evaluate:539 - candidate #65 passes test #fuzzer-input_2
2023-04-26 05:42:01.713 | DEBUG | crashrepair.scenario:evaluate:535 - testing candidate #65 against test #fuzzer-input_32...
2023-04-26 05:42:01.713 | DEBUG | crashrepair.shell:__call__:38 - executing: /data/vulnloc/jasper/CVE-2016-8691/src/src/appl/imginfo -f input_32
2023-04-26 05:42:01.722 | INFO | crashrepair.scenario:evaluate:539 - candidate #65 passes test #fuzzer-input_32
2023-04-26 05:42:01.723 | DEBUG | crashrepair.scenario:evaluate:535 - testing candidate #65 against test #fuzzer-input_5...
2023-04-26 05:42:01.723 | DEBUG | crashrepair.shell:__call__:38 - executing: /data/vulnloc/jasper/CVE-2016-8691/src/src/appl/imginfo -f input_5
2023-04-26 05:42:01.732 | INFO | crashrepair.scenario:evaluate:539 - candidate #65 passes test #fuzzer-input_5
2023-04-26 05:42:01.733 | DEBUG | crashrepair.scenario:evaluate:535 - testing candidate #65 against test #fuzzer-input_25...
2023-04-26 05:42:01.733 | DEBUG | crashrepair.shell:__call__:38 - executing: /data/vulnloc/jasper/CVE-2016-8691/src/src/appl/imginfo -f input_25
2023-04-26 05:42:01.742 | INFO | crashrepair.scenario:evaluate:539 - candidate #65 passes test #fuzzer-input_25
2023-04-26 05:42:01.743 | DEBUG | crashrepair.scenario:evaluate:535 - testing candidate #65 against test #fuzzer-input_44...
2023-04-26 05:42:01.743 | DEBUG | crashrepair.shell:__call__:38 - executing: /data/vulnloc/jasper/CVE-2016-8691/src/src/appl/imginfo -f input_44
2023-04-26 05:42:01.752 | INFO | crashrepair.scenario:evaluate:539 - candidate #65 passes test #fuzzer-input_44
2023-04-26 05:42:01.752 | DEBUG | crashrepair.scenario:evaluate:535 - testing candidate #65 against test #fuzzer-input_35...
2023-04-26 05:42:01.753 | DEBUG | crashrepair.shell:__call__:38 - executing: /data/vulnloc/jasper/CVE-2016-8691/src/src/appl/imginfo -f input_35
2023-04-26 05:42:01.762 | INFO | crashrepair.scenario:evaluate:539 - candidate #65 passes test #fuzzer-input_35
2023-04-26 05:42:01.762 | DEBUG | crashrepair.scenario:evaluate:535 - testing candidate #65 against test #fuzzer-input_16...
2023-04-26 05:42:01.763 | DEBUG | crashrepair.shell:__call__:38 - executing: /data/vulnloc/jasper/CVE-2016-8691/src/src/appl/imginfo -f input_16
```