Fix location is a macro; repair can't modify macros (CVE-2017-15232) #60

Open
rshariffdeen opened this issue Feb 22, 2023 · 1 comment

Comments

@rshariffdeen (Collaborator)

The repair module doesn't generate any candidate patch, and it failed to find a top location for the suggested fix locations.

[2023-02-22 03:11:32.016] [info] parsing expression: ((0 < @var(integer, bytestozero)) && (NULL != @var(pointer, target)))
[2023-02-22 03:11:32.017] [info] converting parse tree to expression...
[2023-02-22 03:11:32.204] [info] saving fix localization to disk: /experiment/vulnloc/libjpeg/CVE-2017-15232/analysis/localization.json
[2023-02-22 03:11:32.204] [info] saved fix localization to disk: /experiment/vulnloc/libjpeg/CVE-2017-15232/analysis/localization.json
[2023-02-22 03:11:32.222] [error] bad fix location [/experiment/vulnloc/libjpeg/CVE-2017-15232/src/jutils.c:132:3]: unable to find statement
[2023-02-22 03:11:32.241] [error] bad fix location [/experiment/vulnloc/libjpeg/CVE-2017-15232/src/jutils.c:132:3]: unable to find statement
[2023-02-22 03:11:32.259] [error] bad fix location [/experiment/vulnloc/libjpeg/CVE-2017-15232/src/jutils.c:132:3]: unable to find statement
[2023-02-22 03:11:32.278] [error] bad fix location [/experiment/vulnloc/libjpeg/CVE-2017-15232/src/jutils.c:132:3]: unable to find statement
[2023-02-22 03:11:32.278] [info] writing linter report to disk
[2023-02-22 03:11:32.278] [info] wrote linter report to disk

@ChrisTimperley (Collaborator)

The localization contains a single fix location:

  {
    "constraint": "((0 < @var(integer, bytestozero)) && (NULL != @var(pointer, target)))",
    "location": "/data/vulnloc/libjpeg/CVE-2017-15232/src/jutils.c:132:3",
    "values-file": "/data/vulnloc/libjpeg/CVE-2017-15232/analysis/values/#data#vulnloc#libjpeg#CVE-2017-15232#src#jutils.c:132:3.csv",
    "variables": [
      {
        "column": 3,
        "line": 132,
        "name": "target",
        "type": "integer"
      },
      {
        "column": 3,
        "line": 132,
        "name": "bytestozero",
        "type": "integer"
      },
      {
        "column": 3,
        "line": 132,
        "name": "target",
        "type": "pointer"
      },
      {
        "column": 3,
        "line": 132,
        "name": "bytestozero",
        "type": "pointer"
      },
      {
        "column": 3,
        "line": 132,
        "name": "target",
        "type": "pointer"
      },
      {
        "column": 3,
        "line": 132,
        "name": "bytestozero",
        "type": "pointer"
      }
    ]
  }

If we take a look in the source code at that location, we find a macro:

  MEMZERO(target, bytestozero);

This isn't something that the analysis can handle (the macro isn't a statement in the AST). The quickest and most general solution is to preprocess the file. Alternatively, I'll have a look into whether or not it's possible for the repair to consider macros as fix locations. (This will take a fair bit of refactoring and will depend on what's possible in LibClang, but that would be a nice solution.)
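
Added example, not libjpeg's or the repair tool's code: the same location before and after preprocessing, showing the macro invocation the locator cannot match against an AST statement, and the plain `memset` call that the constraint from the localization can then be wrapped around. The `MEMZERO` definition is assumed to mirror libjpeg's `jinclude.h`; the function names and the return value of the repaired variant are added for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Assumed macro definition, written to mirror libjpeg's jinclude.h. */
#define MEMZERO(target, size) memset((void *)(target), 0, (size_t)(size))

/* Before preprocessing: the body is a single macro invocation. In the AST the
 * memset CallExpr is spelled inside the macro definition, so looking up "the
 * statement at jutils.c:132:3" finds nothing that can be wrapped in a guard. */
void jzero_far_original(void *target, size_t bytestozero)
{
  MEMZERO(target, bytestozero);   /* <- reported fix location, line 132 col 3 */
}

/* After preprocessing the same line is an ordinary call expression, so the
 * repair can guard it with the synthesized constraint
 *   ((0 < bytestozero) && (NULL != target)).
 * Returns 1 when the buffer was zeroed, 0 when the guard rejected the call,
 * so the behaviour can be checked without dereferencing anything. */
int jzero_far_repaired(void *target, size_t bytestozero)
{
  if ((0 < bytestozero) && (NULL != target)) {
    memset((void *)(target), 0, (size_t)(bytestozero));
    return 1;
  }
  return 0;
}

/* True if every byte of buf[0..n) is zero. */
int all_zero(const unsigned char *buf, size_t n)
{
  for (size_t i = 0; i < n; i++)
    if (buf[i] != 0) return 0;
  return 1;
}

/* Exercises both paths of the repaired function: a real buffer must be zeroed,
 * while a NULL target or a zero length must be refused by the guard. */
int check_repair(void)
{
  unsigned char buf[8] = {1, 2, 3, 4, 5, 6, 7, 8};   /* constructed sample */
  if (jzero_far_repaired(buf, sizeof buf) != 1) return 0;
  if (!all_zero(buf, sizeof buf)) return 0;
  if (jzero_far_repaired(NULL, 16) != 0) return 0;
  if (jzero_far_repaired(buf, 0) != 0) return 0;
  return 1;
}
```

Running `cpp` (or the compiler's `-E` mode) over `jutils.c` before localization yields the second form, which is the quick workaround described above.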

@ChrisTimperley ChrisTimperley changed the title CVE-2017-15232 Fix location is a macro; repair can't modify macros (CVE-2017-15232) Feb 24, 2023
@ChrisTimperley ChrisTimperley added this to the ASE Submission milestone Mar 16, 2023