{"id":18627536,"url":"https://github.com/yugr/dirtyframe","last_synced_at":"2025-04-11T05:31:44.545Z","repository":{"id":129418738,"uuid":"83403590","full_name":"yugr/DirtyFrame","owner":"yugr","description":"A prototype tool to provoke uninitilized data errors by filling stack frames with garbage in prologue","archived":false,"fork":false,"pushed_at":"2024-12-29T04:11:27.000Z","size":43,"stargazers_count":9,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-25T09:52:58.392Z","etag":null,"topics":["buffer-overflow","dynamic-analysis","program-analysis","runtime-verification"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yugr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-02-28T07:36:07.000Z","updated_at":"2024-12-29T04:11:31.000Z","dependencies_parsed_at":"2023-03-13T11:23:10.942Z","dependency_job_id":null,"html_url":"https://github.com/yugr/DirtyFrame","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yugr%2FDirtyFrame","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yugr%2FDirtyFrame/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yugr%2FDirtyFrame/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yugr%2FDirtyFrame/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/
owners/yugr","download_url":"https://codeload.github.com/yugr/DirtyFrame/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248347478,"owners_count":21088660,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["buffer-overflow","dynamic-analysis","program-analysis","runtime-verification"],"created_at":"2024-11-07T04:42:44.409Z","updated_at":"2025-04-11T05:31:44.521Z","avatar_url":"https://github.com/yugr.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![License](http://img.shields.io/:license-MIT-blue.svg)](https://github.com/yugr/DirtyFrame/blob/master/LICENSE.txt)\n[![Build Status](https://github.com/yugr/DirtyFrame/actions/workflows/ci.yml/badge.svg)](https://github.com/yugr/DirtyFrame/actions)\n[![Total alerts](https://img.shields.io/lgtm/alerts/g/yugr/DirtyFrame.svg?logo=lgtm\u0026logoWidth=18)](https://lgtm.com/projects/g/yugr/DirtyFrame/alerts/)\n\n# What's this?\n\nNOTE: this seems to be largely superseded by GCC's [-ftrivial-auto-var-init=pattern](https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html#index-ftrivial-auto-var-init)\nand [-fstrub](https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#index-fstrub_003dstrict).\n\nDirtyFrame (formerly StackWipe, StackRandomizer) is a prototype tool\nwhich tries to provoke uninitialized data\nerrors by filling stack frames with garbage before and after executing\nfunctions.\n\nThe results are negative so I believe the approach isn't viable.\n\n# How to run\n\nThe tool is implemented as a thin wrapper around GCC. 
You can build it\nvia `make all` (generated files will be stored in `$SRC/out`).\n\nTo use it with a standard Autoconf project, simply override the `CC` and `CXX`\nvariables:\n\n    ~/src/gnutls-3.5.9/configure CC=$SRC/out/bin/rancc CXX=$SRC/out/bin/ran++\n\nIn the general case you can use the _fake_ GCC wrapper:\n\n    PATH=$SRC/out/fake-gcc:$PATH make\n\nTo print diagnostic info during execution, export `RANAS_VERBOSE=1` (higher\nlevels are available too). To abort on warnings, export `RANAS_STRICT=1`.\n\n# Results\n\nThe tool didn't find anything in the standard test suites of\n* libsndfile\n* ffmpeg\n* openssl\n* tiff\n* libpng\n* libarchive\n* sqlite\n* bzip2\n* libexpat\n\nand the first 500 packages of the [Debian package rating](http://popcon.debian.org/by_vote)\nso I believe it's not very useful.\n\n# Limitations and todo\n\nThe tool is only meant to be a prototype so it has lots of limitations.\nThe most prominent are\n* only supports x86\\_64\n* code is ugly\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyugr%2Fdirtyframe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyugr%2Fdirtyframe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyugr%2Fdirtyframe/lists"}