trailofbits/cb-multios

List of vulnerable lines

chaws opened this issue · 2 comments

chaws commented

That's not an issue per se, but I was wondering if there was a list with all faulty lines.

I'm aware of PATCHED macros, but those don't necessarily tell the line where the program actually breaks.

The reason behind it is to make it a test suite that is easier to analyze for researchers working on source code analysis tools, like this one: https://samate.nist.gov/SARD/view.php?tsID=104

Thanks in advance!

The challenge sets have PATCHED macros that indicate the vulnerability triggers, and it should be straightforward to grep for them in the source code.

Alternatively, you can generate or download the PoVs, run them against the binaries, then translate the crashing address to a line number.
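Following the grep suggestion above, here is a small added helper that is not part of cb-multios or of this thread: it walks a source file's preprocessor conditionals and reports, as file:line ranges, the code that is compiled only when the PATCHED macro is absent, i.e. the unpatched variant a SARD-style annotation would point at. It assumes the guards take the form `#ifdef PATCHED...` / `#ifndef PATCHED...` (PATCHED, PATCHED_1, ...) and runs on a constructed sample rather than a real challenge binary.

```python
import re

# Assumption (not from the issue): fixes are guarded by "#ifdef PATCHED..." or
# "#ifndef PATCHED..." (PATCHED, PATCHED_1, ...); "#if defined(PATCHED)" is not handled.
DIRECTIVE_RE = re.compile(r"^\s*#\s*(ifdef|ifndef|if|elif|else|endif)\b\s*(\S*)")
PATCHED_NAME = re.compile(r"^PATCHED\w*$")

def unpatched_regions(source):
    """Return (first, last, macro) line ranges that are compiled only without PATCHED."""
    regions, stack = [], []  # stack: one frame per open conditional [directive, macro, run_start]
    for lineno, line in enumerate(source.splitlines(), 1):
        m = DIRECTIVE_RE.match(line)
        if not m:
            continue
        directive, arg = m.group(1), m.group(2)
        if directive in ("if", "ifdef", "ifndef"):
            macro = arg if directive != "if" and PATCHED_NAME.match(arg) else None
            # "#ifndef PATCHED": the lines that follow are the unpatched code
            start = lineno + 1 if macro and directive == "ifndef" else None
            stack.append([directive, macro, start])
        elif stack:  # a stray #else/#elif/#endif is skipped instead of crashing
            frame = stack[-1]
            if frame[2] is not None and lineno > frame[2]:
                regions.append((frame[2], lineno - 1, frame[1]))
            frame[2] = None
            if directive == "else" and frame[0] == "ifdef" and frame[1]:
                # "#ifdef PATCHED ... #else": the else-branch is the unpatched code
                frame[2] = lineno + 1
            elif directive == "endif":
                stack.pop()
    return regions

# Constructed sample in the cb-multios style, not a real challenge binary.
SAMPLE = """\
int copy(char *dst, const char *src, unsigned n) {
#ifdef PATCHED_1
    if (n > 64) return -1;
#else
    /* bounds check missing */
#endif
#ifndef PATCHED_2
    memcpy(dst, src, n);
#else
    memcpy(dst, src, n > 64 ? 64 : n);
#endif
    return 0;
}"""

if __name__ == "__main__":
    print(unpatched_regions(SAMPLE))  # [(5, 5, 'PATCHED_1'), (8, 8, 'PATCHED_2')]
```

Unrelated conditionals (for example `#ifdef DEBUG`) nested inside a PATCHED block are tracked on the same stack, so they neither split nor terminate the reported range.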

Unfortunately, our industry doesn't have good terminology here. For a line to be vulnerable or faulty, it could mean several things. Among them, it could mean either the line where memory or type safety can first be broken or the line where a crash can be triggered. The PATCHED lines indicate what changes need to be made to maintain memory and type safety. I believe this to be the correct approach since it's specific to the language and not machine- or compiler-specific.