from cBugTranslation import cBugTranslation aoBugTranslations = [] # OOBW@Stack (hide irrelevant frames only) aoBugTranslations.append( cBugTranslation( sOriginalBugTypeId="OOBW@Stack", asOriginalTopStackFrameSymbols=[ "*!__security_check_cookie", ], ))
from cBugTranslation import cBugTranslation aoBugTranslations = [ # Assert -> OOM cBugTranslation( sOriginalBugTypeId="Assert", aasOriginalTopStackFrameSymbols=[ [ "edgecontent.dll!`anonymous namespace'::MemoryLimitWatchdogThreadProc", ], ], sTranslatedBugTypeId="OOM", sTranslatedBugDescription= "The application triggered a breakpoint to indicate it was unable to allocate enough memory.", sTranslatedSecurityImpact=None, ), ]
cBugTranslation(aasAdditionalIrrelevantStackFrameSymbols=[ [ "verifier.dll!AVrfDebugPageHeapAllocate", ], [ "verifier.dll!AVrfDebugPageHeapFree", ], [ "verifier.dll!AVrfpDphCheckNormalHeapBlock", ], [ "verifier.dll!AVrfpDphCheckPageHeapBlock", ], [ "verifier.dll!AVrfpDphCompareNodeForTable", ], [ "verifier.dll!AVrfpDphFindBusyMemory", ], [ "verifier.dll!AVrfpDphFindBusyMemoryAndRemoveFromBusyList", ], [ "verifier.dll!AVrfpDphFindBusyMemoryNoCheck", ], [ "verifier.dll!AVrfpDphNormalHeapFree", ], [ "verifier.dll!AVrfpDphPageHeapFree", ], [ "verifier.dll!AVrfpDphPlaceOnBusyList", ], [ "verifier.dll!AVrfpDphRaiseException", ], [ "verifier.dll!AVrfpDphReportCorruptedBlock", ], [ "verifier.dll!VerifierBreakin", ], [ "verifier.dll!VerifierCaptureContextAndReportStop", ], [ "verifier.dll!VerifierStopMessage", ], ], ),
from cBugTranslation import cBugTranslation; aoBugTranslations = []; # Breakpoint -> OOM aoBugTranslations.append(cBugTranslation( sOriginalBugTypeId = "Breakpoint", asOriginalTopStackFrameSymbols = [ "jscript9.dll!ReportFatalException", "jscript9.dll!JavascriptDispatch_OOM_fatal_error", ], sTranslatedBugTypeId = "OOM", sTranslatedBugDescription = "The application triggered a breakpoint to indicate it was unable to allocate enough memory.", sTranslatedSecurityImpact = None, ));
from cBugTranslation import cBugTranslation; aoBugTranslations = []; aoBugTranslations.append(cBugTranslation( sOriginalBugTypeId = "Breakpoint", asOriginalTopStackFrameSymbols = [ "*!failwithmessage", "*!_RTC_StackFailure", ], aasAdditionalIrrelevantStackFrameSymbols = [ [ "*!_RTC_CheckStackVars", ], [ "*!_RTC_CheckStackVars2", ], ], sTranslatedBugTypeId = "OOBW@Stack", sTranslatedBugDescription = "The Windows Run-Time detected that a stack variable was modified, which suggests an out-of-bounds write on the stack.", sTranslatedSecurityImpact = "Potentially exploitable security issue", ));
from cBugTranslation import cBugTranslation import re aoBugTranslations = [ # C++ -> hide irrelevant frames cBugTranslation( sOriginalBugTypeId="C++", aasAdditionalIrrelevantStackFrameSymbols=[ [ "kernelbase.dll!RaiseException", ], [ "*!_CxxThrowException", ], ], ), # C++:std::bad_alloc -> OOM cBugTranslation( sOriginalBugTypeId="C++:std::bad_alloc", asOriginalTopStackFrameSymbols=[], aasAdditionalIrrelevantStackFrameSymbols=[ [ "kernelbase.dll!RaiseException", ], [ "*!_CxxThrowException", ], [ "*!__scrt_throw_std_bad_alloc", ], ],
import re from cBugTranslation import cBugTranslation aoBugTranslations = [ # Breakpoint -> Ignored cBugTranslation( sOriginalBugTypeId="Breakpoint", asOriginalTopStackFrameSymbols=[ "*!__sanitizer_cov", ], sTranslatedBugTypeId= None, # This is apparently triggered by ASAN builds to determine EIP/RIP. sTranslatedBugDescription=None, sTranslatedSecurityImpact=None, ), # Breakpoint (hide irrelevant frames only) cBugTranslation( sOriginalBugTypeId="Breakpoint", aasAdditionalIrrelevantStackFrameSymbols=[ [ "*!base::debug::BreakDebugger", ], ], ), # Breakpoint -> OOM cBugTranslation( sOriginalBugTypeId="Breakpoint", aasOriginalTopStackFrameSymbols=[ [ "*!base::`anonymous namespace'::OnNoMemory", ],
import re from cBugTranslation import cBugTranslation aoBugTranslations = [ # WRTOriginate => hide irrelevant frames cBugTranslation( sOriginalBugTypeId=re.compile(r"^WRTOriginate\[.*\]$"), aasAdditionalIrrelevantStackFrameSymbols=[ [ "combase.dll!SendReport", ], [ "combase.dll!RoOriginateError", ], ], ), # Stowed[...] => hide irrelevant frames cBugTranslation( sOriginalBugTypeId=re.compile(r"^Stowed\[.+\]$"), aasAdditionalIrrelevantStackFrameSymbols=[ [ "combase.dll!RoFailFastWithErrorContextInternal2", ], [ "*!RoFailFastWithErrorContext", # This function is actually in the binary that contains the code that triggered it. ], ], ), ]
import re; from cBugTranslation import cBugTranslation; aoBugTranslations = [ # These frames are never relevant cBugTranslation( aasAdditionalIrrelevantStackFrameSymbols = [ [ "ntdll.dll!DbgBreakPoint", ], ], ), # Breakpoint -> HeapCorrupt cBugTranslation( sOriginalBugTypeId = "Breakpoint", aasOriginalTopStackFrameSymbols = [ [ "ntdll.dll!RtlReportCriticalFailure", "ntdll.dll!RtlpHeapHandleError", ], [ "ntdll.dll!RtlpBreakPointHeap", ], ], sTranslatedBugTypeId = "HeapCorrupt", sTranslatedBugDescription = "A breakpoint was triggered to indicate heap corruption was detected", sTranslatedSecurityImpact = "This is probably an exploitable security issue", ), # AVR@Reserved -> AVR@CFG cBugTranslation( sOriginalBugTypeId = re.compile(r"^AVR@(Reserved|Invalid)$"), aasOriginalTopStackFrameSymbols = [
import re from cBugTranslation import cBugTranslation aoBugTranslations = [ # Breakpoint -> hide irrelevent stack frames cBugTranslation( sOriginalBugTypeId="Breakpoint", aasAdditionalIrrelevantStackFrameSymbols=[ [ "mozglue.dll!moz_abort", ], [ # This may look to be OOM specific, but the compiler can optimize similar functions with different names to # use the same code, so this symbol may be returned when the source called a different function. "mozglue.dll!mozalloc_abort", ], [ "xul.dll!Abort", ] ], ), # Breakpoint -> OOM cBugTranslation( sOriginalBugTypeId="Breakpoint", aasOriginalTopStackFrameSymbols=[ [ "mozglue.dll!arena_run_split", ], [ "mozglue.dll!mozalloc_handle_oom", ],
aoBugTranslations.append(cBugTranslation( sOriginalBugTypeId = "Breakpoint", aasOriginalTopStackFrameSymbols = [ [ "mozglue.dll!mozalloc_abort", "mozglue.dll!mozalloc_handle_oom", ], [ "mozglue.dll!moz_abort", "mozglue.dll!pages_commit", ], [ "mozglue.dll!moz_abort", "mozglue.dll!arena_run_split", "mozglue.dll!arena_malloc_large", "mozglue.dll!je_malloc", ], [ "xul.dll!js::CrashAtUnhandlableOOM", ], [ "xul.dll!js::AutoEnterOOMUnsafeRegion::crash", ], [ "xul.dll!NS_ABORT_OOM", ], ], aasAdditionalIrrelevantStackFrameSymbols = [ [ "mozglue.dll!moz_xmalloc", ], ], sTranslatedBugTypeId = "OOM", sTranslatedBugDescription = "The application triggered a breakpoint to indicate it was unable to allocate enough memory.", sTranslatedSecurityImpact = None, ));
from cBugTranslation import cBugTranslation aoBugTranslations = [] # AVE@Arbitrary -> Ignored aoBugTranslations.append( cBugTranslation( # corpol.dll can test if DEP is enabled by storing a RET instruction in RW memory and calling it. This causes an # access violation if DEP is enabled, which is caught and handled. Therefore this exception should be ignored: sOriginalBugTypeId="AVE@Arbitrary", asOriginalTopStackFrameSymbols=[ "(unknown)", # The location where the RET instruction is stored is not inside a module and has no symbol. "corpol.dll!IsNxON", ], sTranslatedBugTypeId= None, # This is not a bug; allow the application to continue running. sTranslatedBugDescription=None, sTranslatedSecurityImpact=None, ))
cBugTranslation( sOriginalBugTypeId = "Breakpoint", aasOriginalTopStackFrameSymbols = [ [ "mshtml.dll!ReportFatalException", "mshtml.dll!MarkStack_OOM_fatal_error", ], ], aasAdditionalIrrelevantStackFrameSymbols = [ [ "mshtml.dll!Memory::HeapBucketT<...>::SnailAlloc", ], [ "mshtml.dll!Memory::Recycler::AllocWithAttributesInlined<...>", ], [ "mshtml.dll!Memory::Recycler::CollectNow<...>", ], [ "mshtml.dll!Memory::Recycler::EndMark", ], [ "mshtml.dll!Memory::Recycler::EndMarkCheckOOMRescan", ], [ "mshtml.dll!Memory::Recycler::EndMarkOnLowMemory", ], [ "mshtml.dll!Memory::Recycler::FinishConcurrentCollect", ], [ "mshtml.dll!Memory::Recycler::FinishMark", ], [ "mshtml.dll!Memory::Recycler::NoThrowAllocImplicitRoot", ], [ "mshtml.dll!Memory::Recycler::RealAllocFromBucket<...>", ], [ "mshtml.dll!Memory::Recycler::RootMark", ], [ "mshtml.dll!MemoryProtection::HeapAlloc<...>", ] ], sTranslatedBugTypeId = "OOM", sTranslatedBugDescription = "The application triggered a breakpoint to indicate it was unable to allocate enough memory.", sTranslatedSecurityImpact = None, ),
from cBugTranslation import cBugTranslation aoBugTranslations = [] # Breakpoint -> OOM aoBugTranslations.append( cBugTranslation( sOriginalBugTypeId="Breakpoint", aasOriginalTopStackFrameSymbols=[ [ "chakra.dll!ReportFatalException", "chakra.dll!MarkStack_OOM_fatal_error", ], [ "chakra.dll!ReportFatalException", "chakra.dll!JavascriptDispatch_OOM_fatal_error", ], ], sTranslatedBugTypeId="OOM", sTranslatedBugDescription= "The application triggered a breakpoint to indicate it was unable to allocate enough memory.", sTranslatedSecurityImpact=None, )) # Breakpoint -> Assert aoBugTranslations.append( cBugTranslation( sOriginalBugTypeId="Breakpoint", aasOriginalTopStackFrameSymbols=[ [ "EDGEHTML.dll!Abandonment::InduceAbandonment", ], [
import re from cBugTranslation import cBugTranslation aoBugTranslations = [ # AVE@NULL -> Assert cBugTranslation( sOriginalBugTypeId="AVE@NULL", asOriginalTopStackFrameSymbols=[ "*!v8::base::OS::Abort", ], sTranslatedBugTypeId="Assert", sTranslatedBugDescription= "The application caused an access violation by calling NULL to indicate an assertion failed.", sTranslatedSecurityImpact=None, ), # AVE@NULL -> Assert cBugTranslation( sOriginalBugTypeId="AVE@NULL", asOriginalTopStackFrameSymbols=[ "*!V8_Fatal", ], sTranslatedBugTypeId="Assert", sTranslatedBugDescription= "The application caused an access violation by calling NULL to indicate an assertion failed.", sTranslatedSecurityImpact=None, ), # Assert -> ignore functions cBugTranslation( sOriginalBugTypeId="Assert", aasAdditionalIrrelevantStackFrameSymbols=[ [
import re; from cBugTranslation import cBugTranslation; aoBugTranslations = [ # Breakpoint --> OOM cBugTranslation( sOriginalBugTypeId = "Breakpoint", asOriginalTopStackFrameSymbols = [ "syzyasan_rtl.dll!base::debug::BreakDebugger", "syzyasan_rtl.dll!agent::asan::StackCaptureCache::AllocateCachePage", ], sTranslatedBugTypeId = "OOM", sTranslatedBugDescription = "ASan triggered a breakpoint to indicate it was unable to allocate enough memory.", sTranslatedSecurityImpact = None, ), cBugTranslation( sOriginalBugTypeId = "Breakpoint", asOriginalTopStackFrameSymbols = [ "*!__sanitizer::internal__exit", ], aasAdditionalIrrelevantStackFrameSymbols = [ [ "*!__sanitizer::Die", ], ], sTranslatedBugTypeId = "ASan", sTranslatedBugDescription = "ASan triggered a breakpoint to indicate it detected an issue.", sTranslatedSecurityImpact = "The security implications of this issue are unknown", ), cBugTranslation( sOriginalBugTypeId = "ASan",
import re; from cBugTranslation import cBugTranslation; aoBugTranslations = [ # These frames are never relevant cBugTranslation( aasAdditionalIrrelevantStackFrameSymbols = [ [ "ntdll.dll!DbgBreakPoint", ], ], ), # Breakpoint -> HeapCorrupt cBugTranslation( sOriginalBugTypeId = "Breakpoint", aasOriginalTopStackFrameSymbols = [ [ "ntdll.dll!RtlReportCriticalFailure", "ntdll.dll!RtlpHeapHandleError", ], [ "ntdll.dll!RtlpBreakPointHeap", ], ], sTranslatedBugTypeId = "HeapCorrupt", sTranslatedBugDescription = "A breakpoint was triggered to indicate heap corruption was detected", sTranslatedSecurityImpact = "This is probably an exploitable security issue", ), # OOM, HeapCorrupt, DoubleFree, MisalignedFree, OOBW -> hide irrelevant frames cBugTranslation( sOriginalBugTypeId = re.compile(r"^(OOM|HeapCorrupt|DoubleFree\[.*|MisalignedFree\[.*|OOBW\[.*)$"), aasAdditionalIrrelevantStackFrameSymbols = [
from cBugTranslation import cBugTranslation aoBugTranslations = [] # AVR@Reserved -> AVR@CFG aoBugTranslations.append(cBugTranslation( sOriginalBugTypeId = "AVR@Reserved", aasOriginalTopStackFrameSymbols = [ [ "ntdll.dll!LdrpDispatchUserCallTarget", ], [ "ntdll.dll!LdrpValidateUserCallTargetBitMapCheck", ], [ "ntdll.dll!LdrpValidateUserCallTarget", ], ], sTranslatedBugTypeId = "AVR@CFG", sTranslatedBugDescription = "The process attempted to call a function using an invalid function pointer, " \ "which caused an acces violation exception in Control Flow Guard. This is often caused by a NULL pointer.", sTranslatedSecurityImpact = "Unlikely to be an exploitable security issue, unless you can control the invalid function pointer", ))
from cBugTranslation import cBugTranslation aoBugTranslations = [ # Breakpoint -> hide irrelevant frames cBugTranslation(aasAdditionalIrrelevantStackFrameSymbols=[ [ "chakra.dll!ReportFatalException", ], ], ), # Breakpoint -> OOM cBugTranslation( sOriginalBugTypeId="Breakpoint", aasOriginalTopStackFrameSymbols=[ [ "chakra.dll!MarkStack_OOM_fatal_error", ], [ "chakra.dll!JavascriptDispatch_OOM_fatal_error", ], [ "chakra.dll!OutOfMemory_fatal_error", ], [ "chakra.dll!Js::JavascriptError::ThrowOutOfMemoryError", ], [ "chakra.dll!Js::JavascriptExceptionOperators::ThrowOutOfMemory", ], ], aasAdditionalIrrelevantStackFrameSymbols=[[ "chakra.dll!Js::Exception::RaiseIfScriptActive",
aoBugTranslations = [ # Assert -> OOM cBugTranslation( sOriginalBugTypeId="Assert", asOriginalTopStackFrameSymbols=[ "*!CIsoMalloc::_InitializeEntry", ], aasAdditionalIrrelevantStackFrameSymbols=[ [ "*!CIsoScope::_AllocArtifact", ], [ "*!CIsoSList::AllocArtifact", ], [ "*!CIsoScope::_AllocMessageBuffer", ], [ "*!CIsoScope::AllocMessageBuffer", ], [ "*!IsoAllocMessageBuffer", ], ], sTranslatedBugTypeId="OOM", sTranslatedBugDescription= "The application triggered a fail fast application exit to indicate it was unable to allocate enough memory.", sTranslatedSecurityImpact= "Unlikely to be exploitable, unless you can find a way to avoid this breakpoint.", ), ]
from cBugTranslation import cBugTranslation aoBugTranslations = [ # Breakpoint -> Assert cBugTranslation( sOriginalBugTypeId="Breakpoint", asOriginalTopStackFrameSymbols=[ "edgehtml.dll!Abandonment::InduceAbandonment", ], aasAdditionalIrrelevantStackFrameSymbols=[ [ "edgehtml.dll!Abandonment::AssertionFailed", ], ], sTranslatedBugTypeId="Assert", sTranslatedBugDescription= "The application triggered a breakpoint to indicate an assertion failed.", sTranslatedSecurityImpact= "Unlikely to be exploitable, unless you can find a way to avoid this breakpoint.", ), # Assert -> OOM cBugTranslation( sOriginalBugTypeId="Assert", aasOriginalTopStackFrameSymbols=[ [ "edgehtml.dll!Abandonment::OutOfMemory", ], ], sTranslatedBugTypeId="OOM", sTranslatedBugDescription= "The application triggered a breakpoint to indicate it was unable to allocate enough memory.",
from cBugTranslation import cBugTranslation; aoBugTranslations = [ # * -> hide irrelevant frames cBugTranslation( aasAdditionalIrrelevantStackFrameSymbols = [ [ "kernelbase.dll!DebugBreak", ], [ "kernelbase.dll!RaiseException", ], [ "kernelbase.dll!RaiseFailFastException", ], ], ), # OOM -> hide irrelevant frames cBugTranslation( sOriginalBugTypeId = "OOM", aasAdditionalIrrelevantStackFrameSymbols = [ [ "kernelbase.dll!TerminateProcessOnMemoryExhaustion", ], ], ), ];
from cBugTranslation import cBugTranslation aoBugTranslations = [ # Breakpoint -> hide irrelevant frames cBugTranslation( sOriginalBugTypeId="Breakpoint", aasAdditionalIrrelevantStackFrameSymbols=[ [ "*!wil::details::DebugBreak", ], ], ), # Breakpoint -> Assert cBugTranslation( sOriginalBugTypeId="Breakpoint", asOriginalTopStackFrameSymbols=[ "*!wil::details::ReportFailure", ], sTranslatedBugTypeId="Assert", sTranslatedBugDescription= "The application triggered a debugger breakpoint to indicate an assertion failed.", sTranslatedSecurityImpact= "Unlikely to be exploitable, unless you can find a way to avoid this breakpoint.", ), # AppExit -> Assert cBugTranslation( sOriginalBugTypeId="AppExit", asOriginalTopStackFrameSymbols=[ "*!wil::details::ReportFailure", ], sTranslatedBugTypeId="Assert",
import re from cBugTranslation import cBugTranslation aoBugTranslations = [ # Breakpoint -> Ignored cBugTranslation( sOriginalBugTypeId="Breakpoint", asOriginalTopStackFrameSymbols=[ "*!__sanitizer_cov", ], sTranslatedBugTypeId= None, # This is apparently triggered by ASAN builds to determine EIP/RIP. sTranslatedBugDescription=None, sTranslatedSecurityImpact=None, ), # Breakpoint (hide irrelevant frames only) cBugTranslation( sOriginalBugTypeId="Breakpoint", asOriginalTopStackFrameSymbols=[ "*!base::debug::BreakDebugger", ], ), # Breakpoint -> OOM cBugTranslation( sOriginalBugTypeId="Breakpoint", aasOriginalTopStackFrameSymbols=[ [ "*!base::`anonymous namespace'::OnNoMemory", ], [ "*!base::`anonymous namespace'::OnNoMemory",