Comments (4)
Hello!
First of all, thanks for your feedback!
Avalanche identifies a crash each time a program terminated abnormally. We try
to gather as much information about such situations as possible, but,
unfortunately, cannot completely guarantee that this information is enough to
identify the cause of termination. In rare cases (such as OOM situation you
have encountered) we get false-positives.
Also, Avalanche keeps the size of all input files to be checked - that means
that initial input test_image_2.png will never be enough to generate
test_image.png exploit.
Original comment by [email protected]
on 22 Aug 2011 at 12:54
from avalanche.
I propose some little improvement for such cases. Each instrumentation plugin
(tracegrid or covgrind) should report it own status by, for example, by
separate file to the main program. So the orchestra tool could differ failed
plugin and failed application cases.
As another variant would be the running of the tested application in a
standalone mode with possible exploit.
Original comment by xeioexception
on 22 Aug 2011 at 1:08
from avalanche.
The return value of Valgrind will always be the return value of the simulated
process - it can't be used to differ between plugin failures and application
failures.
Standalone application runs were used in previous versions, but it was decided
that they are ineffective.
Original comment by [email protected]
on 23 Aug 2011 at 10:37
from avalanche.
Now "partially fixed" in revision 238. Warnings are added to exploit reports
when no stack trace is available (possibly terminated with SIGKILL) and when
terminated by signal from another process (not kernel).
Original comment by [email protected]
on 25 Aug 2011 at 3:41
- Changed state: Fixed
from avalanche.
Related Issues (14)
- glibc 2.13 unsupported HOT 1
- Configure said 'kernel version... unsupported' HOT 13
- Configure script doesn't check lack of lex and yacc needed by STP HOT 1
- Error opening file basic_blocks.log before iteration 0 start HOT 2
- Avalanche 0.6.0 does not build on Fedora 16 HOT 9
- Avalanche 0.6 doesn't compile on 64-bits architecture
- [deleted issue]
- Exploits may not be found when standard string functions (string.h) are used HOT 1
- Avalanche crashes with segmentation fault when being run from PATH HOT 1
- Incorrect STP queries when lseek (fseek, etc.) is used HOT 1
- the tool doesn't track tainted data in static variables HOT 2
- the tool doesn't expand input file size if necessary HOT 1
- Avalanche-0.4 finished of checking an application but did't find an actual bug HOT 14
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from avalanche.