Allow casr-san to produce reports with undefined severity (#226)

Co-authored-by: Avgor46 <[email protected]>
ispras · Jul 4, 2024 · 9653fa9 · 9653fa9
1 parent 0965554
commit 9653fa9
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 4 deletions.
diff --git a/casr/src/bin/casr-san.rs b/casr/src/bin/casr-san.rs
@@ -220,7 +220,12 @@ fn main() -> Result<()> {
             let report_end = san_stderr_list.iter().rposition(|s| !s.is_empty()).unwrap() + 1;
             report.asan_report = Vec::from(&san_stderr_list[report_start..report_end]);
             let context = AsanContext(report.asan_report.clone());
-            report.execution_class = context.severity()?;
+            let severity = context.severity();
+            if let Ok(severity) = severity {
+                report.execution_class = severity;
+            } else {
+                eprintln!("Couldn't estimate severity. {}", severity.err().unwrap());
+            }
             report.stacktrace = AsanStacktrace::extract_stacktrace(&report.asan_report.join("\n"))?;
         } else {
             // Get termination signal.

diff --git a/libcasr/src/cluster.rs b/libcasr/src/cluster.rs
@@ -2,7 +2,6 @@
 use crate::error::*;
 use crate::stacktrace::*;
 
-use core::f64::MAX;
 use std::collections::HashMap;
 use std::path::PathBuf;
 
@@ -272,7 +271,7 @@ fn sil_subcoef_a(num: usize, stacktraces: &[Stacktrace]) -> f64 {
 ///
 /// "b" subcoefficient silhouette coefficient
 fn sil_subcoef_b(num: usize, i: usize, clusters: &[Vec<Stacktrace>]) -> f64 {
-    let mut min = MAX;
+    let mut min = f64::MAX;
     for (j, cluster) in clusters.iter().enumerate() {
         if j == i {
             continue;

diff --git a/libcasr/src/execution_class.rs b/libcasr/src/execution_class.rs
@@ -40,7 +40,7 @@ pub struct ExecutionClass {
 /// Instances of `ExecutionClass` structure.
 /// Add new classes to the end of array.
 /// TODO: Think about adding some ID for array element.
-pub const CLASSES: &[(&str, &str, &str, &str); 71] = &[
+pub const CLASSES: &[(&str, &str, &str, &str); 74] = &[
     ("EXPLOITABLE", "SegFaultOnPc", "Segmentation fault on program counter", "The target tried to access data at an address that matches the program counter. This likely indicates that the program counter contents are tainted and can be controlled by an attacker."),
     ("EXPLOITABLE", "ReturnAv", "Access violation during return instruction", "The target crashed on a return instruction, which likely indicates stack corruption."),
     ("EXPLOITABLE", "BranchAv", "Access violation during branch instruction", "The target crashed on a branch instruction, which may indicate that the control flow is tainted."),
@@ -72,6 +72,9 @@ pub const CLASSES: &[(&str, &str, &str, &str); 71] = &[
     ("NOT_EXPLOITABLE", "heap-buffer-overflow(read)", "Heap buffer overflow", "The target reads data past the end, or before the beginning, of the intended heap buffer."),
     ("PROBABLY_EXPLOITABLE", "heap-buffer-overflow", "Heap buffer overflow", "The target attempts to read or write data past the end, or before the beginning, of the intended heap buffer."),
     ("EXPLOITABLE", "heap-buffer-overflow(write)", "Heap buffer overflow", "The target writes data past the end, or before the beginning, of the intended heap buffer."),
+    ("NOT_EXPLOITABLE", "dynamic-stack-buffer-overflow(read)", "Dynamic stack buffer overflow", "The target reads data past the end, or before the beginning, of the variable-length array (VLA)."),
+    ("PROBABLY_EXPLOITABLE", "dynamic-stack-buffer-overflow", "Dynamic stack buffer overflow", "The target attempts to read or write data past the end, or before the beginning, of the variable-length array (VLA)."),
+    ("EXPLOITABLE", "dynamic-stack-buffer-overflow(write)", "Dynamic stack buffer overflow", "The target writes data past the end, or before the beginning, of the variable-length array (VLA)."),
     ("NOT_EXPLOITABLE", "global-buffer-overflow(read)", "Global buffer overflow", "The target reads data past the end, or before the beginning, of the intended global buffer."),
     ("PROBABLY_EXPLOITABLE", "global-buffer-overflow", "Global buffer overflow", "The target attempts to read or write data past the end, or before the beginning, of the intended global buffer."),
     ("EXPLOITABLE", "global-buffer-overflow(write)", "Global buffer overflow", "The target writes data past the end, or before the beginning, of the intended global buffer."),