from cBugTranslation import cBugTranslation
aoBugTranslations = []
# OOBW@Stack (hide irrelevant frames only)
aoBugTranslations.append(
cBugTranslation(
sOriginalBugTypeId="OOBW@Stack",
asOriginalTopStackFrameSymbols=[
"*!__security_check_cookie",
],
))
from cBugTranslation import cBugTranslation
aoBugTranslations = [
# Assert -> OOM
cBugTranslation(
sOriginalBugTypeId="Assert",
aasOriginalTopStackFrameSymbols=[
[
"edgecontent.dll!`anonymous namespace'::MemoryLimitWatchdogThreadProc",
],
],
sTranslatedBugTypeId="OOM",
sTranslatedBugDescription=
"The application triggered a breakpoint to indicate it was unable to allocate enough memory.",
sTranslatedSecurityImpact=None,
),
]
cBugTranslation(aasAdditionalIrrelevantStackFrameSymbols=[
[
"verifier.dll!AVrfDebugPageHeapAllocate",
],
[
"verifier.dll!AVrfDebugPageHeapFree",
],
[
"verifier.dll!AVrfpDphCheckNormalHeapBlock",
],
[
"verifier.dll!AVrfpDphCheckPageHeapBlock",
],
[
"verifier.dll!AVrfpDphCompareNodeForTable",
],
[
"verifier.dll!AVrfpDphFindBusyMemory",
],
[
"verifier.dll!AVrfpDphFindBusyMemoryAndRemoveFromBusyList",
],
[
"verifier.dll!AVrfpDphFindBusyMemoryNoCheck",
],
[
"verifier.dll!AVrfpDphNormalHeapFree",
],
[
"verifier.dll!AVrfpDphPageHeapFree",
],
[
"verifier.dll!AVrfpDphPlaceOnBusyList",
],
[
"verifier.dll!AVrfpDphRaiseException",
],
[
"verifier.dll!AVrfpDphReportCorruptedBlock",
],
[
"verifier.dll!VerifierBreakin",
],
[
"verifier.dll!VerifierCaptureContextAndReportStop",
],
[
"verifier.dll!VerifierStopMessage",
],
], ),
from cBugTranslation import cBugTranslation;
aoBugTranslations = [];
# Breakpoint -> OOM
aoBugTranslations.append(cBugTranslation(
sOriginalBugTypeId = "Breakpoint",
asOriginalTopStackFrameSymbols = [
"jscript9.dll!ReportFatalException",
"jscript9.dll!JavascriptDispatch_OOM_fatal_error",
],
sTranslatedBugTypeId = "OOM",
sTranslatedBugDescription = "The application triggered a breakpoint to indicate it was unable to allocate enough memory.",
sTranslatedSecurityImpact = None,
));
from cBugTranslation import cBugTranslation;
aoBugTranslations = [];
aoBugTranslations.append(cBugTranslation(
sOriginalBugTypeId = "Breakpoint",
asOriginalTopStackFrameSymbols = [
"*!failwithmessage",
"*!_RTC_StackFailure",
],
aasAdditionalIrrelevantStackFrameSymbols = [
[
"*!_RTC_CheckStackVars",
], [
"*!_RTC_CheckStackVars2",
],
],
sTranslatedBugTypeId = "OOBW@Stack",
sTranslatedBugDescription = "The Windows Run-Time detected that a stack variable was modified, which suggests an out-of-bounds write on the stack.",
sTranslatedSecurityImpact = "Potentially exploitable security issue",
));
from cBugTranslation import cBugTranslation
import re
aoBugTranslations = [
# C++ -> hide irrelevant frames
cBugTranslation(
sOriginalBugTypeId="C++",
aasAdditionalIrrelevantStackFrameSymbols=[
[
"kernelbase.dll!RaiseException",
],
[
"*!_CxxThrowException",
],
],
),
# C++:std::bad_alloc -> OOM
cBugTranslation(
sOriginalBugTypeId="C++:std::bad_alloc",
asOriginalTopStackFrameSymbols=[],
aasAdditionalIrrelevantStackFrameSymbols=[
[
"kernelbase.dll!RaiseException",
],
[
"*!_CxxThrowException",
],
[
"*!__scrt_throw_std_bad_alloc",
],
],
import re
from cBugTranslation import cBugTranslation
aoBugTranslations = [
# Breakpoint -> Ignored
cBugTranslation(
sOriginalBugTypeId="Breakpoint",
asOriginalTopStackFrameSymbols=[
"*!__sanitizer_cov",
],
sTranslatedBugTypeId=
None, # This is apparently triggered by ASAN builds to determine EIP/RIP.
sTranslatedBugDescription=None,
sTranslatedSecurityImpact=None,
),
# Breakpoint (hide irrelevant frames only)
cBugTranslation(
sOriginalBugTypeId="Breakpoint",
aasAdditionalIrrelevantStackFrameSymbols=[
[
"*!base::debug::BreakDebugger",
],
],
),
# Breakpoint -> OOM
cBugTranslation(
sOriginalBugTypeId="Breakpoint",
aasOriginalTopStackFrameSymbols=[
[
"*!base::`anonymous namespace'::OnNoMemory",
],
import re
from cBugTranslation import cBugTranslation
aoBugTranslations = [
# WRTOriginate => hide irrelevant frames
cBugTranslation(
sOriginalBugTypeId=re.compile(r"^WRTOriginate\[.*\]$"),
aasAdditionalIrrelevantStackFrameSymbols=[
[
"combase.dll!SendReport",
],
[
"combase.dll!RoOriginateError",
],
],
),
# Stowed[...] => hide irrelevant frames
cBugTranslation(
sOriginalBugTypeId=re.compile(r"^Stowed\[.+\]$"),
aasAdditionalIrrelevantStackFrameSymbols=[
[
"combase.dll!RoFailFastWithErrorContextInternal2",
],
[
"*!RoFailFastWithErrorContext", # This function is actually in the binary that contains the code that triggered it.
],
],
),
]
import re;
from cBugTranslation import cBugTranslation;
aoBugTranslations = [
# These frames are never relevant
cBugTranslation(
aasAdditionalIrrelevantStackFrameSymbols = [
[
"ntdll.dll!DbgBreakPoint",
],
],
),
# Breakpoint -> HeapCorrupt
cBugTranslation(
sOriginalBugTypeId = "Breakpoint",
aasOriginalTopStackFrameSymbols = [
[
"ntdll.dll!RtlReportCriticalFailure",
"ntdll.dll!RtlpHeapHandleError",
], [
"ntdll.dll!RtlpBreakPointHeap",
],
],
sTranslatedBugTypeId = "HeapCorrupt",
sTranslatedBugDescription = "A breakpoint was triggered to indicate heap corruption was detected",
sTranslatedSecurityImpact = "This is probably an exploitable security issue",
),
# AVR@Reserved -> AVR@CFG
cBugTranslation(
sOriginalBugTypeId = re.compile(r"^AVR@(Reserved|Invalid)$"),
aasOriginalTopStackFrameSymbols = [
import re
from cBugTranslation import cBugTranslation
aoBugTranslations = [
# Breakpoint -> hide irrelevent stack frames
cBugTranslation(
sOriginalBugTypeId="Breakpoint",
aasAdditionalIrrelevantStackFrameSymbols=[
[
"mozglue.dll!moz_abort",
],
[
# This may look to be OOM specific, but the compiler can optimize similar functions with different names to
# use the same code, so this symbol may be returned when the source called a different function.
"mozglue.dll!mozalloc_abort",
],
[
"xul.dll!Abort",
]
],
),
# Breakpoint -> OOM
cBugTranslation(
sOriginalBugTypeId="Breakpoint",
aasOriginalTopStackFrameSymbols=[
[
"mozglue.dll!arena_run_split",
],
[
"mozglue.dll!mozalloc_handle_oom",
],
aoBugTranslations.append(cBugTranslation(
sOriginalBugTypeId = "Breakpoint",
aasOriginalTopStackFrameSymbols = [
[
"mozglue.dll!mozalloc_abort",
"mozglue.dll!mozalloc_handle_oom",
], [
"mozglue.dll!moz_abort",
"mozglue.dll!pages_commit",
], [
"mozglue.dll!moz_abort",
"mozglue.dll!arena_run_split",
"mozglue.dll!arena_malloc_large",
"mozglue.dll!je_malloc",
], [
"xul.dll!js::CrashAtUnhandlableOOM",
], [
"xul.dll!js::AutoEnterOOMUnsafeRegion::crash",
], [
"xul.dll!NS_ABORT_OOM",
],
],
aasAdditionalIrrelevantStackFrameSymbols = [
[
"mozglue.dll!moz_xmalloc",
],
],
sTranslatedBugTypeId = "OOM",
sTranslatedBugDescription = "The application triggered a breakpoint to indicate it was unable to allocate enough memory.",
sTranslatedSecurityImpact = None,
));
from cBugTranslation import cBugTranslation
aoBugTranslations = []
# AVE@Arbitrary -> Ignored
aoBugTranslations.append(
cBugTranslation(
# corpol.dll can test if DEP is enabled by storing a RET instruction in RW memory and calling it. This causes an
# access violation if DEP is enabled, which is caught and handled. Therefore this exception should be ignored:
sOriginalBugTypeId="AVE@Arbitrary",
asOriginalTopStackFrameSymbols=[
"(unknown)", # The location where the RET instruction is stored is not inside a module and has no symbol.
"corpol.dll!IsNxON",
],
sTranslatedBugTypeId=
None, # This is not a bug; allow the application to continue running.
sTranslatedBugDescription=None,
sTranslatedSecurityImpact=None,
))
cBugTranslation(
sOriginalBugTypeId = "Breakpoint",
aasOriginalTopStackFrameSymbols = [
[
"mshtml.dll!ReportFatalException",
"mshtml.dll!MarkStack_OOM_fatal_error",
],
],
aasAdditionalIrrelevantStackFrameSymbols = [
[
"mshtml.dll!Memory::HeapBucketT<...>::SnailAlloc",
], [
"mshtml.dll!Memory::Recycler::AllocWithAttributesInlined<...>",
], [
"mshtml.dll!Memory::Recycler::CollectNow<...>",
], [
"mshtml.dll!Memory::Recycler::EndMark",
], [
"mshtml.dll!Memory::Recycler::EndMarkCheckOOMRescan",
], [
"mshtml.dll!Memory::Recycler::EndMarkOnLowMemory",
], [
"mshtml.dll!Memory::Recycler::FinishConcurrentCollect",
], [
"mshtml.dll!Memory::Recycler::FinishMark",
], [
"mshtml.dll!Memory::Recycler::NoThrowAllocImplicitRoot",
], [
"mshtml.dll!Memory::Recycler::RealAllocFromBucket<...>",
], [
"mshtml.dll!Memory::Recycler::RootMark",
], [
"mshtml.dll!MemoryProtection::HeapAlloc<...>",
]
],
sTranslatedBugTypeId = "OOM",
sTranslatedBugDescription = "The application triggered a breakpoint to indicate it was unable to allocate enough memory.",
sTranslatedSecurityImpact = None,
),
from cBugTranslation import cBugTranslation
aoBugTranslations = []
# Breakpoint -> OOM
aoBugTranslations.append(
cBugTranslation(
sOriginalBugTypeId="Breakpoint",
aasOriginalTopStackFrameSymbols=[
[
"chakra.dll!ReportFatalException",
"chakra.dll!MarkStack_OOM_fatal_error",
],
[
"chakra.dll!ReportFatalException",
"chakra.dll!JavascriptDispatch_OOM_fatal_error",
],
],
sTranslatedBugTypeId="OOM",
sTranslatedBugDescription=
"The application triggered a breakpoint to indicate it was unable to allocate enough memory.",
sTranslatedSecurityImpact=None,
))
# Breakpoint -> Assert
aoBugTranslations.append(
cBugTranslation(
sOriginalBugTypeId="Breakpoint",
aasOriginalTopStackFrameSymbols=[
[
"EDGEHTML.dll!Abandonment::InduceAbandonment",
],
[
import re
from cBugTranslation import cBugTranslation
aoBugTranslations = [
# AVE@NULL -> Assert
cBugTranslation(
sOriginalBugTypeId="AVE@NULL",
asOriginalTopStackFrameSymbols=[
"*!v8::base::OS::Abort",
],
sTranslatedBugTypeId="Assert",
sTranslatedBugDescription=
"The application caused an access violation by calling NULL to indicate an assertion failed.",
sTranslatedSecurityImpact=None,
),
# AVE@NULL -> Assert
cBugTranslation(
sOriginalBugTypeId="AVE@NULL",
asOriginalTopStackFrameSymbols=[
"*!V8_Fatal",
],
sTranslatedBugTypeId="Assert",
sTranslatedBugDescription=
"The application caused an access violation by calling NULL to indicate an assertion failed.",
sTranslatedSecurityImpact=None,
),
# Assert -> ignore functions
cBugTranslation(
sOriginalBugTypeId="Assert",
aasAdditionalIrrelevantStackFrameSymbols=[
[
import re;
from cBugTranslation import cBugTranslation;
aoBugTranslations = [
# Breakpoint --> OOM
cBugTranslation(
sOriginalBugTypeId = "Breakpoint",
asOriginalTopStackFrameSymbols = [
"syzyasan_rtl.dll!base::debug::BreakDebugger",
"syzyasan_rtl.dll!agent::asan::StackCaptureCache::AllocateCachePage",
],
sTranslatedBugTypeId = "OOM",
sTranslatedBugDescription = "ASan triggered a breakpoint to indicate it was unable to allocate enough memory.",
sTranslatedSecurityImpact = None,
),
cBugTranslation(
sOriginalBugTypeId = "Breakpoint",
asOriginalTopStackFrameSymbols = [
"*!__sanitizer::internal__exit",
],
aasAdditionalIrrelevantStackFrameSymbols = [
[
"*!__sanitizer::Die",
],
],
sTranslatedBugTypeId = "ASan",
sTranslatedBugDescription = "ASan triggered a breakpoint to indicate it detected an issue.",
sTranslatedSecurityImpact = "The security implications of this issue are unknown",
),
cBugTranslation(
sOriginalBugTypeId = "ASan",
import re;
from cBugTranslation import cBugTranslation;
aoBugTranslations = [
# These frames are never relevant
cBugTranslation(
aasAdditionalIrrelevantStackFrameSymbols = [
[
"ntdll.dll!DbgBreakPoint",
],
],
),
# Breakpoint -> HeapCorrupt
cBugTranslation(
sOriginalBugTypeId = "Breakpoint",
aasOriginalTopStackFrameSymbols = [
[
"ntdll.dll!RtlReportCriticalFailure",
"ntdll.dll!RtlpHeapHandleError",
], [
"ntdll.dll!RtlpBreakPointHeap",
],
],
sTranslatedBugTypeId = "HeapCorrupt",
sTranslatedBugDescription = "A breakpoint was triggered to indicate heap corruption was detected",
sTranslatedSecurityImpact = "This is probably an exploitable security issue",
),
# OOM, HeapCorrupt, DoubleFree, MisalignedFree, OOBW -> hide irrelevant frames
cBugTranslation(
sOriginalBugTypeId = re.compile(r"^(OOM|HeapCorrupt|DoubleFree\[.*|MisalignedFree\[.*|OOBW\[.*)$"),
aasAdditionalIrrelevantStackFrameSymbols = [
from cBugTranslation import cBugTranslation
aoBugTranslations = []
# AVR@Reserved -> AVR@CFG
aoBugTranslations.append(cBugTranslation(
sOriginalBugTypeId = "AVR@Reserved",
aasOriginalTopStackFrameSymbols = [
[
"ntdll.dll!LdrpDispatchUserCallTarget",
], [
"ntdll.dll!LdrpValidateUserCallTargetBitMapCheck",
], [
"ntdll.dll!LdrpValidateUserCallTarget",
],
],
sTranslatedBugTypeId = "AVR@CFG",
sTranslatedBugDescription = "The process attempted to call a function using an invalid function pointer, " \
"which caused an acces violation exception in Control Flow Guard. This is often caused by a NULL pointer.",
sTranslatedSecurityImpact = "Unlikely to be an exploitable security issue, unless you can control the invalid function pointer",
))
from cBugTranslation import cBugTranslation
aoBugTranslations = [
# Breakpoint -> hide irrelevant frames
cBugTranslation(aasAdditionalIrrelevantStackFrameSymbols=[
[
"chakra.dll!ReportFatalException",
],
], ),
# Breakpoint -> OOM
cBugTranslation(
sOriginalBugTypeId="Breakpoint",
aasOriginalTopStackFrameSymbols=[
[
"chakra.dll!MarkStack_OOM_fatal_error",
],
[
"chakra.dll!JavascriptDispatch_OOM_fatal_error",
],
[
"chakra.dll!OutOfMemory_fatal_error",
],
[
"chakra.dll!Js::JavascriptError::ThrowOutOfMemoryError",
],
[
"chakra.dll!Js::JavascriptExceptionOperators::ThrowOutOfMemory",
],
],
aasAdditionalIrrelevantStackFrameSymbols=[[
"chakra.dll!Js::Exception::RaiseIfScriptActive",
aoBugTranslations = [
# Assert -> OOM
cBugTranslation(
sOriginalBugTypeId="Assert",
asOriginalTopStackFrameSymbols=[
"*!CIsoMalloc::_InitializeEntry",
],
aasAdditionalIrrelevantStackFrameSymbols=[
[
"*!CIsoScope::_AllocArtifact",
],
[
"*!CIsoSList::AllocArtifact",
],
[
"*!CIsoScope::_AllocMessageBuffer",
],
[
"*!CIsoScope::AllocMessageBuffer",
],
[
"*!IsoAllocMessageBuffer",
],
],
sTranslatedBugTypeId="OOM",
sTranslatedBugDescription=
"The application triggered a fail fast application exit to indicate it was unable to allocate enough memory.",
sTranslatedSecurityImpact=
"Unlikely to be exploitable, unless you can find a way to avoid this breakpoint.",
),
]
from cBugTranslation import cBugTranslation
aoBugTranslations = [
# Breakpoint -> Assert
cBugTranslation(
sOriginalBugTypeId="Breakpoint",
asOriginalTopStackFrameSymbols=[
"edgehtml.dll!Abandonment::InduceAbandonment",
],
aasAdditionalIrrelevantStackFrameSymbols=[
[
"edgehtml.dll!Abandonment::AssertionFailed",
],
],
sTranslatedBugTypeId="Assert",
sTranslatedBugDescription=
"The application triggered a breakpoint to indicate an assertion failed.",
sTranslatedSecurityImpact=
"Unlikely to be exploitable, unless you can find a way to avoid this breakpoint.",
),
# Assert -> OOM
cBugTranslation(
sOriginalBugTypeId="Assert",
aasOriginalTopStackFrameSymbols=[
[
"edgehtml.dll!Abandonment::OutOfMemory",
],
],
sTranslatedBugTypeId="OOM",
sTranslatedBugDescription=
"The application triggered a breakpoint to indicate it was unable to allocate enough memory.",
from cBugTranslation import cBugTranslation;
aoBugTranslations = [
# * -> hide irrelevant frames
cBugTranslation(
aasAdditionalIrrelevantStackFrameSymbols = [
[
"kernelbase.dll!DebugBreak",
], [
"kernelbase.dll!RaiseException",
], [
"kernelbase.dll!RaiseFailFastException",
],
],
),
# OOM -> hide irrelevant frames
cBugTranslation(
sOriginalBugTypeId = "OOM",
aasAdditionalIrrelevantStackFrameSymbols = [
[
"kernelbase.dll!TerminateProcessOnMemoryExhaustion",
],
],
),
];
from cBugTranslation import cBugTranslation
aoBugTranslations = [
# Breakpoint -> hide irrelevant frames
cBugTranslation(
sOriginalBugTypeId="Breakpoint",
aasAdditionalIrrelevantStackFrameSymbols=[
[
"*!wil::details::DebugBreak",
],
],
),
# Breakpoint -> Assert
cBugTranslation(
sOriginalBugTypeId="Breakpoint",
asOriginalTopStackFrameSymbols=[
"*!wil::details::ReportFailure",
],
sTranslatedBugTypeId="Assert",
sTranslatedBugDescription=
"The application triggered a debugger breakpoint to indicate an assertion failed.",
sTranslatedSecurityImpact=
"Unlikely to be exploitable, unless you can find a way to avoid this breakpoint.",
),
# AppExit -> Assert
cBugTranslation(
sOriginalBugTypeId="AppExit",
asOriginalTopStackFrameSymbols=[
"*!wil::details::ReportFailure",
],
sTranslatedBugTypeId="Assert",
import re
from cBugTranslation import cBugTranslation
aoBugTranslations = [
# Breakpoint -> Ignored
cBugTranslation(
sOriginalBugTypeId="Breakpoint",
asOriginalTopStackFrameSymbols=[
"*!__sanitizer_cov",
],
sTranslatedBugTypeId=
None, # This is apparently triggered by ASAN builds to determine EIP/RIP.
sTranslatedBugDescription=None,
sTranslatedSecurityImpact=None,
),
# Breakpoint (hide irrelevant frames only)
cBugTranslation(
sOriginalBugTypeId="Breakpoint",
asOriginalTopStackFrameSymbols=[
"*!base::debug::BreakDebugger",
],
),
# Breakpoint -> OOM
cBugTranslation(
sOriginalBugTypeId="Breakpoint",
aasOriginalTopStackFrameSymbols=[
[
"*!base::`anonymous namespace'::OnNoMemory",
],
[
"*!base::`anonymous namespace'::OnNoMemory",
