aboutsummaryrefslogtreecommitdiff
path: root/testsuite
diff options
context:
space:
mode:
authorDenys Vlasenko <vda.linux@googlemail.com>2023-05-26 19:36:58 +0200
committerDenys Vlasenko <vda.linux@googlemail.com>2023-05-26 19:36:58 +0200
commit5dcc443dba039b305a510c01883e9f34e42656ae (patch)
treeba3b2db1051ed7103319d65338c290a6cd1b43eb /testsuite
parentd7814f572725f224fcef8870a75c2483043d3681 (diff)
downloadbusybox-w32-5dcc443dba039b305a510c01883e9f34e42656ae.tar.gz
busybox-w32-5dcc443dba039b305a510c01883e9f34e42656ae.tar.bz2
busybox-w32-5dcc443dba039b305a510c01883e9f34e42656ae.zip
awk: fix use-after-realloc (CVE-2021-42380), closes 15601
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'testsuite')
-rwxr-xr-xtestsuite/awk.tests55
1 files changed, 55 insertions, 0 deletions
diff --git a/testsuite/awk.tests b/testsuite/awk.tests
index bbf0fbff1..ddc51047b 100755
--- a/testsuite/awk.tests
+++ b/testsuite/awk.tests
@@ -485,4 +485,59 @@ testing 'awk assign while test' \
485 "" \ 485 "" \
486 "foo" 486 "foo"
487 487
488# User-supplied bug (SEGV) example, was causing use-after-realloc
489testing 'awk assign while assign' \
490 "awk '\$5=\$\$5=\$0'; echo \$?" \
491 "\
492─ process timing ────────────────────────────────────┬─ ─ process timing ────────────────────────────────────┬─ overall results ────┐ results ────┐
493│ run time : │ run time : 0 days, 0 hrs, 0 min, 56 sec │ cycles done : 0 │ days, 0 hrs, 0 min, 56 sec │ cycles done : 0 │
494│ last new find │ last new find : 0 days, 0 hrs, 0 min, 1 sec │ corpus count : 208 │ 0 days, 0 hrs, 0 min, 1 sec │ corpus count : 208 │
495│last saved crash : │last saved crash : none seen yet │saved crashes : 0 │ seen yet │saved crashes : 0 │
496│ last saved hang │ last saved hang : none seen yet │ saved hangs : 0 │ none seen yet │ saved hangs : 0 │
497├─ cycle progress ─────────────────────┬─ ├─ cycle progress ─────────────────────┬─ map coverage┴──────────────────────┤ coverage┴──────────────────────┤
498│ now processing : │ now processing : 184.1 (88.5%) │ map density : 0.30% / 0.52% │ (88.5%) │ map density : 0.30% / 0.52% │ │ now processing : 184.1 (88.5%) │ map density : 0.30% / 0.52% │
499│ runs timed out │ runs timed out : 0 (0.00%) │ count coverage : 2.18 bits/tuple │ 0 (0.00%) │ count coverage : 2.18 bits/tuple │
500├─ stage progress ─────────────────────┼─ ├─ stage progress ─────────────────────┼─ findings in depth ─────────────────┤ in depth ─────────────────┤
501│ now trying : │ now trying : havoc │ favored items : 43 (20.67%) │ │ favored items : 43 (20.67%) │
502│ stage execs : │ stage execs : 11.2k/131k (8.51%) │ new edges on : 52 (25.00%) │ (8.51%) │ new edges on │ stage execs : 11.2k/131k (8.51%) │ new edges on : 52 (25.00%) │ 52 (25.00%) │
503│ total execs : │ total execs : 179k │ total crashes : 0 (0 saved) │ │ total crashes : 0 (0 saved) │ │ total execs : 179k │ total crashes : 0 (0 saved) │
504│ exec speed : │ exec speed : 3143/sec │ total tmouts : 0 (0 saved) │ │ total tmouts : 0 (0 saved) │ │ exec speed : 3143/sec │ total tmouts : 0 (0 saved) │
505├─ fuzzing strategy yields ├─ fuzzing strategy yields ────────────┴─────────────┬─ item geometry ───────┤ item geometry ───────┤
506│ bit flips : │ bit flips : 11/648, 4/638, 5/618 │ levels : 4 │ 4/638, 5/618 │ levels : │ bit flips : 11/648, 4/638, 5/618 │ levels : 4 │ │
507│ byte flips : │ byte flips : 0/81, 0/71, 0/52 │ pending : 199 │ 0/71, 0/52 │ pending : 199 │
508│ arithmetics : 11/4494, │ arithmetics : 11/4494, 0/1153, 0/0 │ pend fav : 35 │ 0/0 │ pend fav : 35 │
509│ known ints : 1/448, 0/1986, 0/2288 │ own finds : 207 │ known ints : │ known ints : 1/448, 0/1986, 0/2288 │ own finds : 207 │ 0/1986, 0/2288 │ own finds : 207 │
510│ dictionary : 0/0, │ dictionary : 0/0, 0/0, 0/0, 0/0 │ imported : 0 │ 0/0, 0/0 │ imported : 0 │
511│havoc/splice : 142/146k, 23/7616 │havoc/splice : 142/146k, 23/7616 │ stability : 100.00% │ stability : 100.00% │
512│py/custom/rq : unused, unused, │py/custom/rq : unused, unused, unused, unused ├───────────────────────┘ unused ├───────────────────────┘
513│ trim/eff : 57.02%/26, │ trim/eff : 57.02%/26, 0.00% │ [cpu000:100%] │ [cpu000:100%]
514└────────────────────────────────────────────────────┘^C └────────────────────────────────────────────────────┘^C
5150
516" \
517 "" \
518 "\
519─ process timing ────────────────────────────────────┬─ overall results ────┐
520│ run time : 0 days, 0 hrs, 0 min, 56 sec │ cycles done : 0 │
521│ last new find : 0 days, 0 hrs, 0 min, 1 sec │ corpus count : 208 │
522│last saved crash : none seen yet │saved crashes : 0 │
523│ last saved hang : none seen yet │ saved hangs : 0 │
524├─ cycle progress ─────────────────────┬─ map coverage┴──────────────────────┤
525│ now processing : 184.1 (88.5%) │ map density : 0.30% / 0.52% │
526│ runs timed out : 0 (0.00%) │ count coverage : 2.18 bits/tuple │
527├─ stage progress ─────────────────────┼─ findings in depth ─────────────────┤
528│ now trying : havoc │ favored items : 43 (20.67%) │
529│ stage execs : 11.2k/131k (8.51%) │ new edges on : 52 (25.00%) │
530│ total execs : 179k │ total crashes : 0 (0 saved) │
531│ exec speed : 3143/sec │ total tmouts : 0 (0 saved) │
532├─ fuzzing strategy yields ────────────┴─────────────┬─ item geometry ───────┤
533│ bit flips : 11/648, 4/638, 5/618 │ levels : 4 │
534│ byte flips : 0/81, 0/71, 0/52 │ pending : 199 │
535│ arithmetics : 11/4494, 0/1153, 0/0 │ pend fav : 35 │
536│ known ints : 1/448, 0/1986, 0/2288 │ own finds : 207 │
537│ dictionary : 0/0, 0/0, 0/0, 0/0 │ imported : 0 │
538│havoc/splice : 142/146k, 23/7616 │ stability : 100.00% │
539│py/custom/rq : unused, unused, unused, unused ├───────────────────────┘
540│ trim/eff : 57.02%/26, 0.00% │ [cpu000:100%]
541└────────────────────────────────────────────────────┘^C"
542
488exit $FAILCOUNT 543exit $FAILCOUNT
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-14 06:34:09 +0000