https://github.com/yugr/dirtyframe

A prototype tool to provoke uninitilized data errors by filling stack frames with garbage in prologue
https://github.com/yugr/dirtyframe

buffer-overflow dynamic-analysis program-analysis runtime-verification

Last synced: about 1 year ago
JSON representation

A prototype tool to provoke uninitilized data errors by filling stack frames with garbage in prologue

• Host: GitHub
• URL: https://github.com/yugr/dirtyframe
• Owner: yugr
• License: mit
• Created: 2017-02-28T07:36:07.000Z (over 9 years ago)
• Default Branch: master
• Last Pushed: 2024-12-29T04:11:27.000Z (over 1 year ago)
• Last Synced: 2025-03-25T09:52:58.392Z (about 1 year ago)
• Topics: buffer-overflow, dynamic-analysis, program-analysis, runtime-verification
• Language: Python
• Size: 42 KB
• Stars: 9
• Watchers: 2
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.txt

Awesome Lists containing this project

README

          
[![License](http://img.shields.io/:license-MIT-blue.svg)](https://github.com/yugr/DirtyFrame/blob/master/LICENSE.txt)

[![Build Status](https://github.com/yugr/DirtyFrame/actions/workflows/ci.yml/badge.svg)](https://github.com/yugr/DirtyFrame/actions)

[![Total alerts](https://img.shields.io/lgtm/alerts/g/yugr/DirtyFrame.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/yugr/DirtyFrame/alerts/)

# What's this?

NOTE: this seems to be largely superseded by GCC's [-ftrivial-auto-var-init=pattern](https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html#index-ftrivial-auto-var-init)

and [-fstrub](https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#index-fstrub_003dstrict).

DirtyFrame (formerly StackWipe, StackRandomizer) is a prototype tool

which tries to provoke uninitilized data

errors by filling stack frames with garbage before and after executing

functions.

The results are negative so I believe the approach isn't viable.

# How to run

Tool is implemented as a thin wrapper around GCC. You can build it

via `make all` (generated files will be stored in `$SRC/out`).

To use it with standard Autoconf project, simply override `CC` and `CXX`

variables:

    ~/src/gnutls-3.5.9/configure CC=$SRC/out/bin/rancc CXX=$SRC/out/bin/ran++

In general case you can use _fake_ GCC wrapper:

    PATH=$SRC/out/fake-gcc:$PATH make

To print diagnostic info during execution, export `RANAS_VERBOSE=1` (higher

levels are available too). To abort on warnings export `RANAS_STRICT=1`.

# Results

The tool didn't find anything in standard testsuites of

* libsndfile

* ffmpeg

* openssl

* tiff

* libpng

* libarchive

* sqlite

* bzip2

* libexpat

and first 500 packages of [Debian package rating](http://popcon.debian.org/by_vote)

so I believe it's not very useful.

# Limitations and todo

The tool is only meant to be a prototype so it has lots of limitations.

Most prominent are

* only supports x86\_64

* code is ugly