I am trying to use the ./saber -dfree tool to analyze C and C++ programs for CWE-415 double free vulnerabilities. The output says that a double free has been found and correctly prints the line of the memory allocation, but does not print the free() locations.
I have created a small example program to demonstrate this.
DoubleFreeSimple1.cpp
#include <cstdlib>
int main() {
    int *Data = (int *)malloc(sizeof(int));  // source: heap allocation
    *Data = 1;
    free(Data);                              // first free (sink)
    free(Data);                              // second free of the same pointer: intentional CWE-415 double free
    return 0;
}
I have tried to find the part of the code that causes this, but was unable to do so. The sinks have been correctly found and are present at the time SrcSnkDDA::analyze is called. The lines of the free() calls are correctly identified as lines 8 and 9.
I have noticed that the bugEventStack.size() is always 1, even in more sophisticated test programs. The first element is the memory allocation, which is correctly printed. The loop afterwards goes from the second element to the last element to print the path. Since the size of bugEventStack is always 1, this loop doesn't run at all, which explains the empty path.
My guess then is that the sinks are not being analyzed, or not being analyzed correctly, in the SrcSnkDDA::analyze function, but the bug could be somewhere else as well. It could also be that I have made a mistake and used svf incorrectly, so if this is the case, please let me know.
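The symptom described above (an event stack that holds only the allocation, so the loop that prints the path from the second element onward produces nothing) can be reproduced with a small model of the reporting logic. The following is an added illustration written for this page, not SVF's code: it uses a constructed straight-line IR with a hypothetical findDoubleFree that records the allocation as the first event and, only when pushSinks is true, appends each free() along the path, and a renderReport that prints the way the issue describes. The statement lines are constructed to mirror DoubleFreeSimple1.cpp.

```cpp
#include <cstddef>
#include <iostream>
#include <map>
#include <sstream>
#include <string>
#include <vector>

// Statement kinds of the toy IR (constructed for this example, not SVF's IR).
enum class Op { Alloc, Free };

struct Stmt { Op op; std::string var; int line; };

// One entry of the event stack: the allocation (source) or a free (sink).
struct BugEvent { std::string kind; int line; };

// Walk the statement list. When a variable is freed a second time, return the
// event stack for that bug: the allocation first, then every free of that
// variable in program order. With pushSinks == false only the source is
// recorded, which reproduces the "size() is always 1" symptom from the issue.
std::vector<BugEvent> findDoubleFree(const std::vector<Stmt>& prog, bool pushSinks) {
    std::map<std::string, int> allocLine;
    std::map<std::string, std::vector<int>> freeLines;
    for (const Stmt& s : prog) {
        if (s.op == Op::Alloc) {
            allocLine[s.var] = s.line;   // a fresh allocation resets the free history
            freeLines[s.var].clear();
            continue;
        }
        auto it = allocLine.find(s.var);
        if (it == allocLine.end()) continue;   // free of a pointer we never saw allocated
        freeLines[s.var].push_back(s.line);
        if (freeLines[s.var].size() >= 2) {    // second free of the same allocation
            std::vector<BugEvent> stack;
            stack.push_back({"alloc", it->second});
            if (pushSinks)
                for (int l : freeLines[s.var]) stack.push_back({"free", l});
            return stack;
        }
    }
    return {};
}

// Render the report as the issue describes it: element 0 is the allocation,
// the loop from the second element onward prints the path of free() calls.
std::string renderReport(const std::vector<BugEvent>& stack) {
    if (stack.empty()) return "no double free";
    std::ostringstream out;
    out << "double free: memory allocated at line " << stack[0].line << "\n";
    for (std::size_t i = 1; i < stack.size(); ++i)
        out << "  " << stack[i].kind << " at line " << stack[i].line << "\n";
    return out.str();
}

// Constructed sample: malloc on line 3, free on lines 5 and 6.
const std::vector<Stmt> kSample = {
    {Op::Alloc, "Data", 3},
    {Op::Free,  "Data", 5},
    {Op::Free,  "Data", 6},
};

int main() {
    std::cout << "--- source only pushed (empty path) ---\n"
              << renderReport(findDoubleFree(kSample, false))
              << "--- source and sinks pushed ---\n"
              << renderReport(findDoubleFree(kSample, true));
    return 0;
}
```

Running it prints the allocation line in both cases, but the free() lines only appear when the sinks were actually pushed onto the event stack, which is the same distinction the issue draws between the loop bound and the observed stack size.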