Comments (2)
The challenge sets have PATCHED macros that indicate the vulnerability triggers, and it should be straightforward to grep for them in the source code.
Alternatively, you can generate or download the PoVs, run them against the binaries, then translate the crashing address to a line number.
from cb-multios.
Unfortunately, our industry doesn't have good terminology here. For a line to be vulnerable or faulty, it could mean several things. Among them it could mean either the line where memory or type safety can first be broken or the line where a crash can be triggered. The PATCHED lines indicate what changes need to be made to maintain memory and type safety. I believe this to be the correct approach since it's specific to to the language and not machine or compiler-specific.
from cb-multios.
Related Issues (20)
- Use ninja on Windows CI HOT 3
- CI: Perform static builds as well
- AFL-friendly CGC challenges HOT 3
- Sugestion - Disable jump tables on switch-case instructions HOT 1
- WhackJack unitialized structure leads to POLL failure HOT 1
- terminate syscall status
- Remove AppVeyor for CI
- README: Current status google doc link is broken HOT 2
- g_heap multiple definitions build error HOT 2
- 2 errors occured while building all the challenge binaries HOT 7
- OS errors when generating polls and other errors HOT 9
- segment fault in 64bit-mode HOT 6
- Cannot build in 32-bit mode HOT 3
- [Question] Can a single string input trigger the vulnerabilities inside the CGC programs? HOT 3
- Issues with generating polls HOT 2
- AFL test HOT 2
- get the error when execute ./test.py -a -o out.xlsx HOT 2
- Vulnerability locations index
- Error running tests HOT 1
- Whether challenge can be compiled separately? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cb-multios.