https://github.com/tianocore/edk2-platforms/commit/4d960003ca35dc4af756c0a38e83b68630a42a90
https://github.com/tianocore/edk2-platforms/commit/22416dc7a93e39fa4e047ce59f6507e33c895d86
https://github.com/tianocore/edk2-platforms/commit/0bea20a53a77ad8c844d6021ccd789dc2d6f369c
https://github.com/tianocore/edk2-platforms/commit/d99e1597f899b397aaa8953180cf15a77954918e
https://github.com/tianocore/edk2-platforms/commit/977ed7c49933f64fea84ca7c59b4dbf3a33c3420
https://github.com/tianocore/edk2-platforms/commit/127af2995941808c6b7e8778a62171a8e5184bd5
https://github.com/tianocore/edk2-platforms/commit/92065decc87e531c1701b6dd413fb52ef99a5b43
https://github.com/tianocore/edk2-platforms/commit/d0cd979906f1645a6277bde0aeddc7303c9a1b46
https://github.com/tianocore/edk2-platforms/commit/dc30a6213115d15a58cb2a967f0df3f48704f890
https://github.com/tianocore/edk2-platforms/commit/1f5c4f7cab506e800b13ecd1898bcc13df5d524d
https://github.com/tianocore/edk2-platforms/commit/0af4ed52a2e605761b4bcfdb3f10e5a8d9685931
https://github.com/tianocore/edk2-platforms/commit/615afc82db9f3ff348dacf8a94d9bb588783964b
https://github.com/tianocore/edk2-platforms/commit/878c4b13fb2fabd07c5db29ae465aeb2177ce744
https://github.com/tianocore/edk2/commit/35043a5ec05db6aa86b1b380416923fd1c3506e6
Author: Savva Mitrofanov
Code analyzer: sydr-fuzz (Crusher)
Project: edk2-platforms
Status: closed
Ext4Pkg: Fix memory leak in Ext4RetrieveDirent · tianocore/edk2-platforms@4d96000
We need to free buffer on return if BlockRemainder != 0. Also changed
return logic from function to use common exit to prevent code
duplication.
Cc: Marvin Häuser <mhaeuser@posteo.de> ...
https://github.com/pytorch/pytorch/pull/94295
https://github.com/pytorch/pytorch/pull/94297
https://github.com/pytorch/pytorch/pull/94298
https://github.com/pytorch/pytorch/pull/94300
Author: Теодор Арсений Ларионов-Тришкин @m4drat
Code analyzer: sydr-fuzz (Crusher)
Status: 2 accepted, 2 under review
Add exception handlers for stoll in jit/frontend/schema_type_parser.cpp by m4drat · Pull Request #94295 · pytorch/pytorch
Hi!
I've been fuzzing different pytorch modules, and found a few crashes.
Specifically, I'm talking about schema_type_parser.cpp and irparser.cpp. Inside these files, different standard con...
https://github.com/net-snmp/net-snmp/commit/db4136680ca9375ead66dbdaf58a8955bb12bf2e
Project: net-snmp
https://github.com/net-snmp/net-snmp/commit/ee5fca70b03115fef5f0207fc6aa6fd42b7302ea
https://github.com/net-snmp/net-snmp/commit/8b9035253fd4910c047c878c2524373723b68e07
https://github.com/net-snmp/net-snmp/commit/b556c2219867e064cb7e8e12324d6bbd19f1fee7
https://github.com/net-snmp/net-snmp/commit/9faf03413dd2019af2e67daaa5602383bb625a32
https://github.com/net-snmp/net-snmp/commit/5928a25aaecb5ba92af3b7ce756e8ab50a1753c1
https://github.com/net-snmp/net-snmp/commit/a2ddbd7122212a9d60fc61653b42163c0214ae9f
https://github.com/net-snmp/net-snmp/commit/44d304e87cb07c36b560050f32535c7d3ec7e44c
https://github.com/net-snmp/net-snmp/commit/6f0d5c93b4fa102dd70f11a88b8c7a9e171f32c6
https://github.com/net-snmp/net-snmp/commit/6c2d5092161df65231796769d61f8c81f0943abc
https://github.com/net-snmp/net-snmp/commit/ff55deaf8c7f6009326171879f265daeadd0fdd5
https://github.com/net-snmp/net-snmp/commit/214497a3f47114040737940a7050f5d8735feddf
https://github.com/net-snmp/net-snmp/commit/5dc7fa1f3e8d0c0cb91818c63bbfd8f38877b2cc
Author: Максим Коротков @mayhem1613
Code analyzer: svace, pvs-studio
Status: closed
The bug was found in vanilla PostgreSQL (reproducible in versions 14 and 15), in the function that converts JSON from its string representation into the internal jsonb representation. The bug was found using AFL++.
https://www.postgresql.org/message-id/7332649.x5DLKWyVIX%40thinkpad-pgpro
Author: Николай Шаплов
Company: ПостгресПро
Bug in jsonb_in function (14 & 15 version are affected)
Hi! I found a bug in jsonb_in function (it converts json from string representation into jsonb internal representation). To reproduce …
https://github.com/golang/image/pull/14
Project: golang/image
Author: Андрей Федотов
Code analyzer: sydr-fuzz (Crusher)
Status: under review
webp: fix panic at memory allocation in readAlpha function by anfedotoff · Pull Request #14 · golang/image
I fuzzed webp image decoder using this fuzz target and found panic at memory allocation in readAlpha function.
https://github.com/jcrist/msgspec/issues/366
Project: msgspec
Author: Иван Капранов
Code analyzer: sydr-fuzz (Crusher)
Status: fixed
MemoryError exception in msgpack parser. · Issue #366 · jcrist/msgspec
Description Hello, I was fuzzing this project with sydr-fuzz and found MemoryError exception in msgpack parser. How to reproduce Example of POC: import msgspec with open("crashes/oom-0a450b117...
https://github.com/tensorflow/tensorflow/pull/60082
Project: TensorFlow
Author: Алексей Вишняков
Code analyzer: sydr-fuzz (Crusher)
Status: fixed
Fix endless loop in tensorflow::wav::DecodeLin16WaveAsFloatVector by SweetVishnya · Pull Request #60082 · tensorflow/tensorflow
This bug was originally fixed by #56455
Regression was introduced in 50b4baf where addition result is truncated to smaller type. Thus, overflow checks do not work.
We performed continuous hybrid fu...
https://github.com/pytorch/pytorch/pull/85705
Project: PyTorch
Author: Даниил Куц
Code analyzer: Svace
Status: fixed
Fix bugs found by static analysis by apach301 · Pull Request #85705 · pytorch/pytorch
This PR fixes a number of bugs found by Svace static analyzer:
DEREF_AFTER_FREE at qnnpack_utils.h:
Pointer '&convolution->zero_buffer' is dereferenced at qnnpack_utils.h:258 after...
https://github.com/tensorflow/tensorflow/pull/58911
https://github.com/tensorflow/tensorflow/pull/58912
https://github.com/tensorflow/tensorflow/pull/58913
https://github.com/tensorflow/tensorflow/pull/58914
https://github.com/tensorflow/tensorflow/pull/58915
https://github.com/tensorflow/tensorflow/pull/58916
https://github.com/tensorflow/tensorflow/pull/58917
https://github.com/tensorflow/tensorflow/pull/58918
https://github.com/tensorflow/tensorflow/pull/58919
https://github.com/tensorflow/tensorflow/pull/59282
https://github.com/tensorflow/tensorflow/pull/58920
https://github.com/tensorflow/tensorflow/pull/58921
https://github.com/tensorflow/tensorflow/pull/58922
https://github.com/tensorflow/tensorflow/pull/60221
https://github.com/tensorflow/tensorflow/pull/60225
https://github.com/tensorflow/tensorflow/pull/60231
Project: TensorFlow
Authors: Даниил Куц, Алексей Вишняков, Дарья Парыгина
Code analyzer: Svace
Status: fixed
Handle error properly in NodeDefBuilder::Finalize by apach301 · Pull Request #58911 · tensorflow/tensorflow
Possible null dereference of op_def_. This case should be handled like in the if-statement higher.
This PR is part of #57892
Bug was found by Svace static analyzer (more info).
https://github.com/tensorflow/tensorflow/pull/60222
https://github.com/tensorflow/tensorflow/pull/60227
https://github.com/tensorflow/tensorflow/pull/60230
https://github.com/tensorflow/tensorflow/pull/60242
https://github.com/tensorflow/tensorflow/issues/60220
https://github.com/tensorflow/tensorflow/issues/60255
Project: TensorFlow
Authors: Дарья Парыгина, Алексей Вишняков
Code analyzer: Svace
Status: open
Fix null pointer dereference in mlir::GetOutermostOpsOfType by SweetVishnya · Pull Request #60222 · tensorflow/tensorflow
The bug was found by Svace static analyzer:
v is null
v.emitError() dereferences a null pointer
cc @mihaimaruseac
https://github.com/pytorch/pytorch/issues/95061
https://github.com/pytorch/pytorch/issues/95062
Project: PyTorch
Author: Илай Кобрин
Code analyzer: sydr-fuzz (Crusher)
Status: fix under review
Null pointer dereference in `third_party/flatbuffers/include/flatbuffers/vector.h:158:48` · Issue #95061 · pytorch/pytorch
Hi! We've been fuzzing pytorch using oss-sydr-fuzz and found a null pointer dereference in third_party/flatbuffers/include/flatbuffers/vector.h:158:48. How to reproduce the error Build docker c...
https://github.com/oneapi-src/oneDNN/pull/1624
Project: oneDNN
Author: Алексей Вишняков
Code analyzer: Svace
Status: fixed
cpu: x64: brgconv: Fix null pointer dereference in dnnl::impl::cpu::x64::brgemm_convolution_fwd_t() by SweetVishnya · Pull Request…
Description
The bug was found by Svace static analysis tool:
null pointer can be assigned to inp_buffer
then it is dereferenced via inp_buffer[i]
Checklist
General
Do all unit and benchdnn test...
https://github.com/HDFGroup/hdf5/pull/2691
Project: HDF5
Author: Илай Кобрин
Code analyzer: sydr-fuzz (Crusher)
Status: fixed
Fix out of bounds in `hdf5/src/H5Fint.c:2859` by kobrineli · Pull Request #2691 · HDFGroup/hdf5
Hi! Some time ago I reported an out of bounds error in hdf5/src/H5Fint.c:2859 #2432.
I fixed the error by myself by adding some checks on image pointer. I've tested the fixed version on the inp...
Project: libxml2
Author: Коротков Максим @mayhem1613
Code analyzer: svace
Status: closed
https://gitlab.gnome.org/GNOME/libxml2/-/issues/482
https://gitlab.gnome.org/GNOME/libxml2/-/issues/481
https://gitlab.gnome.org/GNOME/libxml2/-/issues/479
https://gitlab.gnome.org/GNOME/libxml2/-/issues/421
Logic error: Condition always false in relaxng.c (#482) · Issues · GNOME / libxml2 · GitLab
./relaxng.c:7978-7990 introduced from c58f4efb
Project: Suricata
Author: Максим Коротков @mayhem1613
Code analyzer: svace
https://github.com/OISF/suricata/commit/1c055dc370c6eb2d3c71064cd38cebe7284000f0
Status: closed
output: fix logic error · OISF/suricata@1c055dc
The logical error may have been made here. Comparison with the upper
bound of the variable type does not make sense. It may be worth adding
the cast of one of the multiplication operands to the 64-...
Project: runc
Author: Андрей Цыгунька
Code analyzer: libfuzzer
Status: fixed
https://github.com/opencontainers/runc/commit/97ea1255ed552525619a9aac2faf4f316923bcde
Fix runc crashes when parsing invalid JSON · opencontainers/runc@97ea125
Signed-off-by: Andrey Tsygunka <dreamsider@mail.ru>
Project: u-boot
Author: Михаил Ильин
Code analyzer: svace
Status: fixed
https://github.com/u-boot/u-boot/commit/ae182a25f5777f957a2c56539221abcb5648c5c6
https://github.com/u-boot/u-boot/commit/f75e92f7f7bffe724dccd6769b37f95e0aa7842c
https://github.com/u-boot/u-boot/commit/9017785acd247c6ba60d0f0c0e9722201f0b184c
https://github.com/u-boot/u-boot/commit/507a70b1447ae389c614ac3d04ae853922935898
https://github.com/u-boot/u-boot/commit/4b95e8407eba6e6fd73341695de15dec19e723a8
efi_loader: Fix buffer underflow · u-boot/u-boot@ae182a2
If the array index 'i' < 128, the 'codepage' array is accessed using
[-128...-1] in efi_unicode_collation.c:262. This can lead to a buffer
overflow.
Nega...
https://github.com/llvm/llvm-project/commit/9a564a61a281021a67ce05d55f1cd3d008a0838b
https://github.com/llvm/llvm-project/commit/9c07aa75b961fa19875fddd1dcd0deaa57f82e9d
Project: LLVM
Author: Алексей Вишняков
Code analyzer: Svace
Status: fixed
[ARM] ARMMachObjectWriter::recordRelocation: reduce strength on a condition · llvm/llvm-project@9a564a6
Reviewed By: MaskRay, dmgreen
Differential Revision: https://reviews.llvm.org/D147931
https://github.com/ntop/nDPI/pull/1980
Project: nDPI
Author: Тимофей Межуев
Code analyzer: sydr-fuzz (Crusher)
Status: fixed
Numeric Truncation at `reader_util.c:1507' by headshog · Pull Request #1980 · ntop/nDPI
Hi! We've been fuzzing nDPI with sydr-fuzz security predicates and numeric truncation error was found in reader_util.c:1507.
In function packet_processing our tool has found numeric truncation ...
https://github.com/zeux/pugixml/issues/560
Project: pugixml
Author: Святослав Терёшин @tereshi
Code analyzer: libfuzzer (Futag)
Status: fixed
OOM when load_file for special folder · Issue #560 · zeux/pugixml
Sometimes when you use load_file with ASAN for special folder it can cause OOM exception: root@fuzzing:/home/user/pugixml/src# cat main.cpp #include "pugixml.hpp" int main(int argc, char ...
https://github.com/pytorch/pytorch/pull/102156
Project: PyTorch
Author: Даниил Куц
Code analyzer: sydr-fuzz (Crusher)
Status: fixed
Add security guards to avoid crashes in torch::jit module by apach301 · Pull Request #102156 · pytorch/pytorch
Hi!
I've been fuzzing different pytorch modules with sydr-fuzz, and found multiple crashes in torch::jit::load() function.
All found errors could be reproduced with provided docker: Dock...