Patches - ExtractFix Benchmark

We list below the patches generated by our tool CPR, for the ExtractFix benchmark in our evaluation section of the paper.

ID Project Bug ID Error Type Generated Patch Developer Patch
1 Libtiff CVE-2016-5321 Out of bound Read 
- for (s = 0; s < spp; s++)
+ for (s = 0; s < spp && s < MAX_SAMPLES; s++)
d9783e4
2 Libtiff CVE-2014-8128 Out of bound Write 
- while (err >= limit) {
+ while (err >= limit && nrows == 256) {
3206e0c
3 Libtiff CVE-2016-3186 Buffer Overflow 
- while ((count = getc(infile)) && count <= 255)
+ while ((count = getc(infile)) && count <= 255 && x >= 0)
1144235
4 Libtiff CVE-2016-5314 Buffer Overflow 
+ if (sp->tbuf_size < sp->stream.avail_out) return 0;
391e77f
5 Libtiff CVE-2016-9273 Out of bound Read 
+ if (td->td_nstrips == 0) return td->td_nstrips;
d651abc
6 Libtiff bugzilla 2633 Buffer Overflow 
+ if (es <= 0) return;
5ed9fea
7 Libtiff CVE-2016-10094 Buffer Overflow 
- if (count >= 4) {
+ if (5 <= count) {
c715336
8 Libtiff CVE-2017-7601 Shift Overflow 
+ if (16 < td->td_bitspersample) return 0;
0a76a8
9 Libtiff CVE-2016-3623 Divide by Zero 
+ if(0 == horizSubSampling) usage(-1);
bd024f0
10 Libtiff CVE-2017-7595 Divide by Zero 
+ if(0 == sp->v_sampling) return 0;
47f2fb6
11 Libtiff bugzilla 2611 Divide by Zero 
+ if(0 == sp->bytes_per_line) return -1;
43bc25
12 Binutils CVE-2018-10372 Buffer Overflow 
- if (!do_display) { 
+ if (!do_display) { if (limit <= (ph + num)) return 0;
6aea08
13 Binutils CVE-2017-15025 Divide by Zero 
+ if(0 == lh.line_range) goto line_fail;
d8010d3
14 Libxml2 CVE-2016-1834 Buffer Overflow 
+ if (size < 0) return(NULL);
8fbbf551
15 Libxml2 CVE-2016-1838 Buffer Overflow 
- if ((tlen > 0) && (xmlStrncmp(ctxt->input->cur, ctxt->name, tlen) == 0)) {
+ if ((tlen > 0) && (tlen <= curLength) && (xmlStrncmp(ctxt->input->cur, ctxt->name, tlen) == 0)) {
db07dd6
16 Libxml2 CVE-2016-1839 Buffer Overflow 
+ if ((ctxt->input->cur - ctxt->input->base) < len) return(NULL);
a820dbe
17 Libxml2 CVE-2012-5134 Buffer Underflow 
- while (buf[len - 1] == 0x20) len--;
+ while ((len > 0) && (buf[len - 1] == 0x20) len--;
6a36fbe
18 Libxml2 CVE-2017-5969 Null Pointer Dereference 
+ if (0 == content->c2) break;
94691dc8
19 Libjpeg CVE-2018-14498 Buffer Overflow 
+ if (source->cmap_length <= t) exit(1);
cbe01e
20 Libjpeg CVE-2018-19664 Buffer Overflow 
- } else if (cinfo->out_color_space == JCS_RGB565 || cinfo->out_color_space == JCS_CMYK) {
+ } else if ((1 != cinfo->quantize_colors) && (cinfo->out_color_space == JCS_RGB565 || cinfo->out_color_space == JCS_CMYK)) {
f8cca81
21 Libjpeg CVE-2017-15232 Null Pointer Dereference 
+ if ((0 < num_rows) && (0 == output_buf)) ERREXIT(cinfo, JERR_BAD_STATE);
1ecd9a5
22 Libjpeg CVE-2012-2806 Null Pointer Dereference 
- for (i = 0; i < cinfo->num_components; i++)
+ for (i = 0; i < cinfo->num_components && i < MAX_COMPS_IN_SCAN); i++)
dd2b651
23 FFmpeg CVE-2017-9992 Buffer Overflow 
N/A
f52fbf4
24 FFmpeg Bugzilla-1404 Buffer Overflow 
N/A
279420b
25 Jasper CVE-2016-8691 Divide by Zero 
+ if (0 == siz->comps[i].hsamp) return -1;
d8c2604
26 Jasper CVE-2016-9387 Integer Overflow 
+ if (dec->yend == dec->yend) return -1;
d91198a
27 Coreutils Bugzilla 26545 Buffer Overflow 
- for (i = 3; i < size / 2; i *= 2)
+ for (i = 3; i <= size / 2; i *= 2)
f4570a
28 Coreutils GNUBug 25003 Invalid Memory Reference 
- if (initial_read != SIZE_MAX || start < initial_read)
+ if (start < initial_read)
4954f79
29 Coreutils GNUBug 25023 Buffer Overflow 
- else if (!join_lines && *col_sep_string == '\t')
+ else if (!join_lines && *col_sep_string == '\t' && (1 == col_sep_length))
d91aee
30 Coreutils Bugzilla 19784 Buffer Overflow 
- while (i < size && sieve[++i] == 0)
+ while((i < (-1 + size)) && sieve[++i] == 0)
1d0f1b7