No POIs in vulnerable program #66

sherkat69 · 2024-01-03T10:02:57Z

hi

i am trying to test a code with MATE:

int main(){

	int x = 1;
	if (x=0){
	 x=3;
	 }
	int y = x/0;

	int size = 5;
	char *src = "xxxxxxxxxx";
	int *dest = malloc(size + 1);
	memcpy(dest, src, size);
	
	int* alc_mem__ptr = malloc(5);
	memcpy(alc_mem__ptr, src, 9);
	free(alc_mem__ptr);
	memcpy(alc_mem__ptr, src, 9);

	return 0;
}

this code has several issues; redundancy, use after free, overflow ...
but i am not getting any reports in POI or any other sections.

to make sure that i correctly installed MATE, i analyzed "authentication.c" file and two problems are shown in POI section.

p.s: how to delete the scanned project in build section?

The text was updated successfully, but these errors were encountered:

langston-barrett · 2024-01-03T14:19:41Z

@sherkat69 MATE only checks for certain kinds of POIs (e.g., it checks for UAF but not overflow). Additionally, I wouldn't be surprised if the compiler has optimized away the straightforward UB in your program, you can check this by compiling with clang -emit-llvm and inspecting the bitcode to see if the UB is still present.

sherkat69 · 2024-01-09T07:22:49Z

is there any command to clear all previous builds?

langston-barrett changed the title ~~vulnerability report problem~~ No POIs in vulnerable program Jan 3, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

No POIs in vulnerable program #66

No POIs in vulnerable program #66

sherkat69 commented Jan 3, 2024

langston-barrett commented Jan 3, 2024

sherkat69 commented Jan 9, 2024

No POIs in vulnerable program #66

No POIs in vulnerable program #66

Comments

sherkat69 commented Jan 3, 2024

langston-barrett commented Jan 3, 2024

sherkat69 commented Jan 9, 2024