Initial commit
n132 committed Aug 7, 2024
0 parents commit 1ca594e
Showing 4,994 changed files with 483,050 additions and 0 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
51 changes: 51 additions & 0 deletions README.md
@@ -0,0 +1,51 @@
# ARVO-Meta

The code to generate the ARVO dataset will be published soon. The generated dataset and related metadata are updated in this repository. Each report file represents one found vulnerability on OSS-Fuzz.

# tl;dr

Run the following command to feed the proof-of-concept (POC) to a vulnerability found on [this page][3]. You should see an ASAN report for a heap overflow bug.


```bash
docker run -it n132/arvo:25402-vul arvo
```

# How to use ARVO


ARVO uses source metadata from OSS-Fuzz to solve reproducing problems and build a reproducible dataset: each case is recompilable.


The [meta][0] folder includes metadata for all the recompilable vulnerabilities. You can find the original report on [oss-fuzz dataset][1]. The patching commits are identified by ARVO, achieving over 80% correctness based on our evaluation. Additionally, we provide an interactive recompiling environment on our [Docker Hub Repository][2].

1. Select interesting vulnerabilities from the [meta][0] folder (e.g., 25402).

2. RRun a Docker container to create an interactive environment for these vulnerabilities:

```bash
docker run -it n132/arvo:25402-vul bash # vulnerable version
docker run -it n132/arvo:25402-fix bash # fixed version
```
3. [Optional] [Optional] Modify the code or change the compile settings and recompile it:

```bash
# Run this command inside the Docker container
arvo compile
```
4. Feed the POC to the vulnerable/fixed binary to verify the vulnerability/fix:
```bash
# Run this command inside the Docker container
arvo
```

# Bug Report

If you find any cases that are not reproducible, please open an issue for the case.


[0]: ./meta
[1]: https://bugs.chromium.org/p/oss-fuzz/issues/list
[2]: https://hub.docker.com/repository/docker/n132/arvo/general
[3]: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25402&q=25402&can=2
[4]: https://x.com/moyix/status/1788943761352888777
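Review bot: Step 2 has a typo ("RRun a Docker container") and step 3 repeats the "[Optional]" tag; suggest "2. Run a Docker container to create an interactive environment for these vulnerabilities:" and "3. [Optional] Modify the code or change the compile settings and recompile it:". The link reference `[4]` (the x.com status) is defined at the bottom but never cited anywhere in the text, so either cite it where the evaluation claim is made or drop it. The claim that the patching commits reach "over 80% correctness based on our evaluation" should also say what a reader can use to tell a verified case from an unverified one, since the metadata records added in this same commit carry a `verify` field that the README never explains; a one-line description of that field under "How to use ARVO" would close the gap. Minor: the fenced block after step 4 is missing the blank line that the other steps have before their fences, which some Markdown renderers need to start the list item's code block.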
103 changes: 103 additions & 0 deletions meta/10012.json
@@ -0,0 +1,103 @@
{
"localId": 10012,
"project": "curl",
"fix": "https://github.com/curl/curl/commit/86b1e94ae72bc0e49745ed33d4b923ac8e6b8366",
"verify": "0",
"fuzzer": "libfuzzer",
"sanitizer": "ubsan",
"crash_type": "Null-dereference READ",
"report": {
"comments": [
{
"localId": 10012,
"descriptionNum": 1,
"projectName": "oss-fuzz",
"commenter": {
"displayName": "ClusterFuzz-External",
"userId": "382749006"
},
"content": "Detailed report: https://oss-fuzz.com/testcase?key=5101396595572736\n\nProject: curl\nFuzzer: libFuzzer_curl_fuzzer_http\nFuzz target binary: curl_fuzzer_http\nJob Type: libfuzzer_ubsan_curl\nPlatform Id: linux\n\nCrash Type: Null-dereference READ\nCrash Address: 0x000000000000\nCrash State:\n NULL\nSanitizer: undefined (UBSAN)\n\nRegressed: https://oss-fuzz.com/revisions?job=libfuzzer_ubsan_curl&range=201808151412:201808220117\n\nReproducer Testcase: https://oss-fuzz.com/download?testcase_id=5101396595572736\n\nIssue filed automatically.\n\nSee https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.\n\nThis bug is subject to a 90 day disclosure deadline. If 90 days elapse\nwithout an upstream patch, then the bug report will automatically\nbecome visible to the public.\n\nWhen you fix this bug, please\n * mention the fix revision(s).\n * state whether the bug was a short-lived regression or an old bug in any stable releases.\n * add any other useful information.\nThis information can help downstream consumers.\n\nIf you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues.",
"timestamp": 1534913204
},
{
"amendments": [
{
"fieldName": "Labels",
"newOrDeltaValue": "OS-Linux"
}
],
"localId": 10012,
"projectName": "oss-fuzz",
"commenter": {
"displayName": "ClusterFuzz-External",
"userId": "382749006"
},
"sequenceNum": 1,
"timestamp": 1534913487
},
{
"localId": 10012,
"projectName": "oss-fuzz",
"commenter": {
"displayName": "danie...@gmail.com",
"userId": "1725520100"
},
"content": "Presumed fixed in commit 78d5302b5c05a",
"sequenceNum": 2,
"timestamp": 1534925145
},
{
"localId": 10012,
"projectName": "oss-fuzz",
"commenter": {
"displayName": "ClusterFuzz-External",
"userId": "382749006"
},
"content": "ClusterFuzz has detected this issue as fixed in range 201808220117:201808221452.\n\nDetailed report: https://oss-fuzz.com/testcase?key=5101396595572736\n\nProject: curl\nFuzzer: libFuzzer_curl_fuzzer_http\nFuzz target binary: curl_fuzzer_http\nJob Type: libfuzzer_ubsan_curl\nPlatform Id: linux\n\nCrash Type: Null-dereference READ\nCrash Address: 0x000000000000\nCrash State:\n NULL\nSanitizer: undefined (UBSAN)\n\nRegressed: https://oss-fuzz.com/revisions?job=libfuzzer_ubsan_curl&range=201808151412:201808220117\nFixed: https://oss-fuzz.com/revisions?job=libfuzzer_ubsan_curl&range=201808220117:201808221452\n\nReproducer Testcase: https://oss-fuzz.com/download?testcase_id=5101396595572736\n\nSee https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.\n\nIf you suspect that the result above is incorrect, try re-doing that job on the test case report page.",
"sequenceNum": 3,
"timestamp": 1535007794
},
{
"amendments": [
{
"fieldName": "Status",
"oldValue": "New",
"newOrDeltaValue": "Verified"
},
{
"fieldName": "Labels",
"newOrDeltaValue": "ClusterFuzz-Verified"
}
],
"localId": 10012,
"projectName": "oss-fuzz",
"commenter": {
"displayName": "ClusterFuzz-External",
"userId": "382749006"
},
"content": "ClusterFuzz testcase 5101396595572736 is verified as fixed, so closing issue as verified.\n\nIf this is incorrect, please file a bug on https://github.com/google/oss-fuzz/issues/new",
"sequenceNum": 4,
"timestamp": 1535008214
},
{
"amendments": [
{
"fieldName": "Labels",
"newOrDeltaValue": "-restrict-view-commit"
}
],
"localId": 10012,
"projectName": "oss-fuzz",
"commenter": {
"displayName": "sheriffbot@chromium.org",
"userId": "4164592774"
},
"content": "This bug has been fixed for 30 days. It has been opened to the public.\n\n- Your friendly Sheriffbot",
"sequenceNum": 5,
"timestamp": 1537629804
}
]
},
"fix_commit": "86b1e94ae72bc0e49745ed33d4b923ac8e6b8366",
"repo_addr": "https://github.com/curl/curl.git"
}
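Review bot: The `fix_commit` recorded here (86b1e94ae72bc0e49745ed33d4b923ac8e6b8366) is not the commit the maintainer named in the report ("Presumed fixed in commit 78d5302b5c05a", comment sequenceNum 2), and nothing in the record says why ARVO chose a different one; since the README advertises the patch identification as roughly 80% correct, each record should carry the rationale or at least the candidate named in the report, so that a consumer can tell whether the two disagree or one is a follow-up of the other. Related schema points: `verify` is the string `"0"` while `localId` is a number, and this record has no `severity` key at all even though the other records in this commit do; pick one type per field and emit every key (with `null` where the report has no value) so that downstream parsing does not need per-record special cases. The `fix` URL and `fix_commit` are consistent with each other here, which is not the case in the other records in this commit.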
93 changes: 93 additions & 0 deletions meta/10013.json
@@ -0,0 +1,93 @@
{
"fix": "https://foss.heptapod.net/graphicsmagick/graphicsmagick646fe034e39dc1c971abb531a30c414e6c98923c",
"verify": "0",
"localId": 10013,
"project": "graphicsmagick",
"fuzzer": "libfuzzer",
"sanitizer": "msan",
"crash_type": "Use-of-uninitialized-value",
"severity": "Medium",
"report": {
"comments": [
{
"projectName": "oss-fuzz",
"localId": 10013,
"commenter": {
"userId": "382749006",
"displayName": "ClusterFuzz-External"
},
"timestamp": 1534913338,
"content": "Detailed report: https://oss-fuzz.com/testcase?key=5645145226608640\n\nProject: graphicsmagick\nFuzzer: libFuzzer_graphicsmagick_coder_TIFF_fuzzer\nFuzz target binary: coder_TIFF_fuzzer\nJob Type: libfuzzer_msan_graphicsmagick\nPlatform Id: linux\n\nCrash Type: Use-of-uninitialized-value\nCrash Address: \nCrash State:\n DisassociateAlphaRegion\n ReadTIFFImage\n ReadImage\n \nSanitizer: memory (MSAN)\n\nRecommended Security Severity: Medium\n\nRegressed: https://oss-fuzz.com/revisions?job=libfuzzer_msan_graphicsmagick&range=201805110540:201805251618\n\nReproducer Testcase: https://oss-fuzz.com/download?testcase_id=5645145226608640\n\nIssue filed automatically.\n\nSee https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.\n\nThis bug is subject to a 90 day disclosure deadline. If 90 days elapse\nwithout an upstream patch, then the bug report will automatically\nbecome visible to the public.\n\nWhen you fix this bug, please\n * mention the fix revision(s).\n * state whether the bug was a short-lived regression or an old bug in any stable releases.\n * add any other useful information.\nThis information can help downstream consumers.\n\nIf you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues.",
"descriptionNum": 1
},
{
"projectName": "oss-fuzz",
"localId": 10013,
"sequenceNum": 1,
"commenter": {
"userId": "382749006",
"displayName": "ClusterFuzz-External"
},
"timestamp": 1534913725,
"amendments": [
{
"fieldName": "Labels",
"newOrDeltaValue": "OS-Linux"
}
]
},
{
"projectName": "oss-fuzz",
"localId": 10013,
"sequenceNum": 2,
"commenter": {
"userId": "382749006",
"displayName": "ClusterFuzz-External"
},
"timestamp": 1535267897,
"content": "ClusterFuzz has detected this issue as fixed in range 201808250219:201808260217.\n\nDetailed report: https://oss-fuzz.com/testcase?key=5645145226608640\n\nProject: graphicsmagick\nFuzzer: libFuzzer_graphicsmagick_coder_TIFF_fuzzer\nFuzz target binary: coder_TIFF_fuzzer\nJob Type: libfuzzer_msan_graphicsmagick\nPlatform Id: linux\n\nCrash Type: Use-of-uninitialized-value\nCrash Address: \nCrash State:\n DisassociateAlphaRegion\n ReadTIFFImage\n ReadImage\n \nSanitizer: memory (MSAN)\n\nRecommended Security Severity: Medium\n\nRegressed: https://oss-fuzz.com/revisions?job=libfuzzer_msan_graphicsmagick&range=201805110540:201805251618\nFixed: https://oss-fuzz.com/revisions?job=libfuzzer_msan_graphicsmagick&range=201808250219:201808260217\n\nReproducer Testcase: https://oss-fuzz.com/download?testcase_id=5645145226608640\n\nSee https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.\n\nIf you suspect that the result above is incorrect, try re-doing that job on the test case report page."
},
{
"projectName": "oss-fuzz",
"localId": 10013,
"sequenceNum": 3,
"commenter": {
"userId": "382749006",
"displayName": "ClusterFuzz-External"
},
"timestamp": 1535268617,
"content": "ClusterFuzz testcase 5645145226608640 is verified as fixed, so closing issue as verified.\n\nIf this is incorrect, please file a bug on https://github.com/google/oss-fuzz/issues/new",
"amendments": [
{
"fieldName": "Status",
"newOrDeltaValue": "Verified",
"oldValue": "New"
},
{
"fieldName": "Labels",
"newOrDeltaValue": "ClusterFuzz-Verified"
}
]
},
{
"projectName": "oss-fuzz",
"localId": 10013,
"sequenceNum": 4,
"commenter": {
"userId": "4164592774",
"displayName": "sheriffbot@chromium.org"
},
"timestamp": 1537889031,
"content": "This bug has been fixed for 30 days. It has been opened to the public.\n\n- Your friendly Sheriffbot",
"amendments": [
{
"fieldName": "Labels",
"newOrDeltaValue": "-restrict-view-commit"
}
]
}
]
},
"fix_commit": "646fe034e39dc1c971abb531a30c414e6c98923c",
"repo_addr": "https://foss.heptapod.net/graphicsmagick/graphicsmagick"
}
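Review bot: The `fix` URL is malformed: `https://foss.heptapod.net/graphicsmagick/graphicsmagick646fe034e39dc1c971abb531a30c414e6c98923c` concatenates the commit hash directly onto the repository path with no separator, so the link does not resolve to the commit. The generator appears to have joined `repo_addr` and `fix_commit` with a format string that works for GitHub (where `repo_addr` ends in `.git` and the path is `/commit/<sha>`) but not for this Heptapod host, where `repo_addr` has no `.git` suffix; suggest building the URL per host (or storing only `repo_addr` plus `fix_commit` and letting consumers form the link) and adding a check that the generated `fix` URL actually contains the separator before the hash. Also note the key order in this record (`fix` first, `localId` later) differs from `meta/10012.json` (`localId` first); that hints at two generation paths and is worth normalizing so diffs between records stay readable.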
93 changes: 93 additions & 0 deletions meta/10055.json
@@ -0,0 +1,93 @@
{
"fix": "https://foss.heptapod.net/graphicsmagick/graphicsmagickbc328f2fcf47f91b1b14d04665cb209e30e0716d",
"verify": "0",
"localId": 10055,
"project": "graphicsmagick",
"fuzzer": "afl",
"sanitizer": "asan",
"crash_type": "Stack-buffer-overflow WRITE 1",
"severity": "High",
"report": {
"comments": [
{
"projectName": "oss-fuzz",
"localId": 10055,
"commenter": {
"userId": "382749006",
"displayName": "ClusterFuzz-External"
},
"timestamp": 1535220395,
"content": "Detailed report: https://oss-fuzz.com/testcase?key=5158172004712448\n\nProject: graphicsmagick\nFuzzer: afl_graphicsmagick_coder_MVG_fuzzer\nFuzz target binary: coder_MVG_fuzzer\nJob Type: afl_asan_graphicsmagick\nPlatform Id: linux\n\nCrash Type: Stack-buffer-overflow WRITE 1\nCrash Address: 0x7f5f47afb915\nCrash State:\n TranslateTextEx\n AnnotateImage\n DrawPrimitive\n \nSanitizer: address (ASAN)\n\nRecommended Security Severity: High\n\nRegressed: https://oss-fuzz.com/revisions?job=afl_asan_graphicsmagick&range=201807190219:201807200025\n\nReproducer Testcase: https://oss-fuzz.com/download?testcase_id=5158172004712448\n\nIssue filed automatically.\n\nSee https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.\n\nThis bug is subject to a 90 day disclosure deadline. If 90 days elapse\nwithout an upstream patch, then the bug report will automatically\nbecome visible to the public.\n\nWhen you fix this bug, please\n * mention the fix revision(s).\n * state whether the bug was a short-lived regression or an old bug in any stable releases.\n * add any other useful information.\nThis information can help downstream consumers.\n\nIf you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues.",
"descriptionNum": 1
},
{
"projectName": "oss-fuzz",
"localId": 10055,
"sequenceNum": 1,
"commenter": {
"userId": "382749006",
"displayName": "ClusterFuzz-External"
},
"timestamp": 1535221470,
"amendments": [
{
"fieldName": "Labels",
"newOrDeltaValue": "OS-Linux"
}
]
},
{
"projectName": "oss-fuzz",
"localId": 10055,
"sequenceNum": 2,
"commenter": {
"userId": "382749006",
"displayName": "ClusterFuzz-External"
},
"timestamp": 1535267299,
"content": "ClusterFuzz has detected this issue as fixed in range 201808250219:201808260217.\n\nDetailed report: https://oss-fuzz.com/testcase?key=5158172004712448\n\nProject: graphicsmagick\nFuzzer: afl_graphicsmagick_coder_MVG_fuzzer\nFuzz target binary: coder_MVG_fuzzer\nJob Type: afl_asan_graphicsmagick\nPlatform Id: linux\n\nCrash Type: Stack-buffer-overflow WRITE 1\nCrash Address: 0x7f5f47afb915\nCrash State:\n TranslateTextEx\n AnnotateImage\n DrawPrimitive\n \nSanitizer: address (ASAN)\n\nRecommended Security Severity: High\n\nRegressed: https://oss-fuzz.com/revisions?job=afl_asan_graphicsmagick&range=201807190219:201807200025\nFixed: https://oss-fuzz.com/revisions?job=afl_asan_graphicsmagick&range=201808250219:201808260217\n\nReproducer Testcase: https://oss-fuzz.com/download?testcase_id=5158172004712448\n\nSee https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.\n\nIf you suspect that the result above is incorrect, try re-doing that job on the test case report page."
},
{
"projectName": "oss-fuzz",
"localId": 10055,
"sequenceNum": 3,
"commenter": {
"userId": "382749006",
"displayName": "ClusterFuzz-External"
},
"timestamp": 1535267701,
"content": "ClusterFuzz testcase 5158172004712448 is verified as fixed, so closing issue as verified.\n\nIf this is incorrect, please file a bug on https://github.com/google/oss-fuzz/issues/new",
"amendments": [
{
"fieldName": "Status",
"newOrDeltaValue": "Verified",
"oldValue": "New"
},
{
"fieldName": "Labels",
"newOrDeltaValue": "ClusterFuzz-Verified"
}
]
},
{
"projectName": "oss-fuzz",
"localId": 10055,
"sequenceNum": 4,
"commenter": {
"userId": "4164592774",
"displayName": "sheriffbot@chromium.org"
},
"timestamp": 1537889033,
"content": "This bug has been fixed for 30 days. It has been opened to the public.\n\n- Your friendly Sheriffbot",
"amendments": [
{
"fieldName": "Labels",
"newOrDeltaValue": "-restrict-view-commit"
}
]
}
]
},
"fix_commit": "bc328f2fcf47f91b1b14d04665cb209e30e0716d",
"repo_addr": "https://foss.heptapod.net/graphicsmagick/graphicsmagick"
}
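Review bot: Same malformed `fix` URL as in `meta/10013.json`: `https://foss.heptapod.net/graphicsmagick/graphicsmagickbc328f2fcf47f91b1b14d04665cb209e30e0716d` has the hash fused onto the repository path, so the second GraphicsMagick record in this commit is also unlinkable; this confirms the defect is in the generator for non-GitHub `repo_addr` values rather than a one-off, and a regression test over the set of distinct hosts in `meta/` would catch it. Otherwise the record is internally consistent: `fix_commit` matches the hash embedded in `fix`, `severity` is present, and the `fuzzer`/`sanitizer`/`crash_type` fields agree with the "Job Type" and "Crash Type" lines in the quoted ClusterFuzz report, which is the cross-check worth automating for every record.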
