Головна сторінка Огляд Довідка
Увійти
j3tracey
/
grading-on-a-curve
1
0
Відгалуження 0
Файли Проблеми 0 Запити на злиття 0 Wiki
Дерево: afdd747eb6
Гілки Теги
grading-on-a...
/
data
/
hand-annotated
/
c++.csv

c++.csv 9.2 KB
Історія Запис

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 
  1. project	issue	bugzilla form?	fix(es)	inducer(s)	memory safety	valid	count	notes	
    2. 

  2. css	827591		da1c0a3d9e951b3a5f4cfa9f763304014958524d	6adcd0523ceceff6b609201bcfa44cac3ef920fb	1		1		
    3. 

  3. css	955913		f46f8c14366bbcf507bd3656fe1c9fe73249dfeb	a8cf86e4b78c83844db3af3982a3df662c0327c0	1		1		
    4. 

  4. css	1025267		7b5cb65169005f6967ac39b64b58534e2ece6ba7	4db79cc0f9d8e38b30c8d00238baf53da67b0e36	0	no		VCC predates security bug tracking	
    5. 

  5. css	1041512	yes	9e08b4d2488e4b86959c18645643f830a0e0ad60	8174f98f222d09734a870a7797e7a434afac9372	1	no		VCC was introduced in a file that was not deleted as part of oxidation, and was later moved to a file that was	
    6. 

  6. css	1077687	yes	1aceb17cf63a9b317abb3310d5d276471e4bb392	c011970f03885bda3ab81cf5af35201b56b3f406	1		1		
    7. 

  7. css	1092363	yes	301463dc2087ffeb3a76d9c34f906b5945acf4b6	99097814d60268b4e707abb46b501cb3d1a501ed	1		1		
    8. 

  8. css	1127198	yes	635933d3f87fa2b076eace741e4df207c41f6043	a60c564803f80b1f456ad6cd7014723a5a3914d7	1		1		
    9. 

  9. css	1146101	yes	5ed02337c87c3d07c7f4b8dc6c20b23560deb8f5	99097814d60268b4e707abb46b501cb3d1a501ed	1		1		
    10. 

  10. css	1181011		3585bedd89bc8a96ce921b76990d3e5a4ed313be	225f3dd70d8a89a1d87ea8a631e6c859fb17457b	1		1		
    11. 

  11. css	1230639	yes	8eff629f46edf8095e4abe17d0e4ae6458fb4c5e	82ee685e15e57711c652bb1682a71330741707b3	1		1		
    12. 

  12. css	1353312	yes	db8e759c6654a09aa851384768d580fb632b7274	a1dea9b4fc8568e83db4fc71132be54ea227e272	1		1		
    13. 

  13. cubeb-macos	1614971		210f8ccbc5968c5765699020746bf42fecff8548	b2ea3d02939d7951a9c1bb788f1c5763b9cdbdfb	1		1	fix is from version import even though macos portion of C++ was already unused by then (see Rust analysis)	
    14. 

  14. japanese-encoding	780979		c987a78b883b2fc328b5113e7bde64ec95473f2	4322faf5044b966380fab44fad57801264b72345	1	no		VCC predates security bug tracking	
    15. 

  15. japanese-encoding	801330		a1592dc47c8e72c30103ad21d72f45a79c628e5d	4322faf5044b966380fab44fad57801264b72345	1	no		VCC predates security bug tracking	
    16. 

  16. hyphenation	1390550		bd606d11904d4c62fe4cac0a80da0df9e8f4a2d1	62ced97631409332ffe5a5b9b32794316f141a9b	1		1	upstream commit is	5a60cb75a9dd9034331df216c2d3f59e1a08fc9a
    17. 

  17. hyphenation	1448771		9ff23d9c3af0e58b2b16fca7b3c04642ebee9f2a	62ced97631409332ffe5a5b9b32794316f141a9b	1		1	upstream commit is	5a60cb75a9dd9034331df216c2d3f59e1a08fc9a
    18. 

  18. layers	793065		ed5ba29431970bbbc6ee0184f4a03f145769c598	368f4de891c58dae46a25de9c8e789a20c868fcc	1	no		VCC predates security bug tracking	
    19. 

  19. layers	963974		fc6b63874da4a24440d6fad4f8c6314545255e83	6c5bb2cc06966fa16bc180c45f4f07169ccb2011	1		1		
    20. 

  20. layers	1072877	yes (incorrect for our purposes)	e381d1456da7626ee710e73a081964ec7a47fddd	d301df5d459b7ccec7c5fd99149b3645aa667a2a	1		1		
    21. 

  21. layers	1074280	yes	391dd9ad59b71afa76919f80b8f8a019318e2e45	b951f3597d034341473c2b17df3e7dea68d2c5b9	1	no		VCC predates security bug tracking	
    22. 

  22. layers	1082986	yes	11b001307a623cd4222e65a387b8aa9055546cfa	41fa2ab6fd1e8df907fff0905078c11efa81e4b1	1		1		
    23. 

  23. layers	1107009		421e78dd674dccca2009fde198722dd9459816f7	2949a9f18bd68bf06170da90821b61b5ad5bf5f5	1		1	VCC is a best guess (it added the code that should only be called from the main thread and that was causing the bug but it is unclear if the other threads started using it immediately or in some later commit). In any case the commit could have prevented or detected the bug via assertions.	
    24. 

  24. layers	1122722	yes	bad8bf235d06b3592a6b858afcb1ddea67ee5932	8baed26d9b7b9f02fa63ec3c0397b8da4ed99141	0		1		
    25. 

  25. layers	1167356		101316199629532508a83c130893c1e88c8a9c40	b605651fddd381523feaa11bef0026d3da6d3b96,fdb4be9e33f50503d3a75ea815f99528da32a5bf	1	yes,no	1	actually fixes a good-sized list of vulnerabilities all of the same form (forgetting to check the return value of a Map method before using memory it was responsible for allocating). Two VCCs are for the files removed by Oxidation.	
    26. 

  26. layers	1191463		991ab71c3494c5d2b22700ede3e96212f74487b5	6624d1aefe3368807d498df3759c2a2a0b1d2588	1		1		
    27. 

  27. layers	1283826	yes	85a734ff8d13149a6b1468e6162d0a4075d02bec	733dca91239848758542adf4489bb06172efe7f4	1		1		
    28. 

  28. layers	1307458	yes	2df50d5706d74b5601b2ec6a234bfdd074ad2e39	5b3ab326b6956c181338a1b39c3e6f9a17d24d13	1		1		
    29. 

  29. layers	1363280	yes	9825a21a174d8cf9aba12d911c209bee8e57ece8	afdf8e01dd69dc75c88acebafd773508f97f91e4	1		1		
    30. 

  30. layers	1369560	yes	9df1db2e879a1b8d8496bd03dea15a064274beb8	95a17ea52c6c4d614adf2aebf4dc4d873b52c897	0		1		
    31. 

  31. layers	1382829		33346c4c1b93009ae9c2a7f6e2620041fd14ec65	6376e2c6bb8b771dd6513156d84ac13b0f15c7f0	1		1		
    32. 

  32. layers	1387659	yes	9ec076488969b9083ed934904aac753a99691b71	504484a45696d5d089e3781af3e4595295be9eda	1		1		
    33. 

  33. layers	1388020	yes	679c14a9c452896516541efaf20bcacbfee07ea9	8592c4c12d6d5a87c5e14e0268ca5e78af2291e0	1		1		
    34. 

  34. layers	1395138		7417b9b0d4140286cbf485b6ac010f7db95b940f	4f8f5212b2407a12a4611eb1711ce5d57799faa4	1		1	Mozilla never identified cause but this seems like the most likely origin even if something else ultimately exposed it	
    35. 

  35. layers	1452375	yes	fc530ca3167058f975212a75c0524f50d0321f24	a5fc6a819fb89b6b587fc92d82f592eef3dc5bd5	1		1		
    36. 

  36. layers	1496413	yes	d511b3b696392984359ae7957a8ed1ac1388eef9	7e8f4657993e913c8ed6707db170142d51e2b289	1		1		
    37. 

  37. layers	1538736		546c396de9a999d1994fb861fb08dee2e47bb0e0	1a997e96bc34f00d04e7f42fdb8dd7d9f80bd471	1		1	Actual cause never established but this introduced the code that could have prevented it	
    38. 

  38. layers	1613009		4795d60bd927118475ecae0a5db8c6002c4f3317	8f2c88cbf670912edcd70596f387e941cdc434c1	1		1		
    39. 

  39. qcms	761014		5885617fc0ee6e15cb15192c77febd69e27e3cb8	e6e07e47b00c0c7765c0c5a1f4b6e1001a55d70f	1	no		Fixed via 764181 to avoid attention on vuln, VCC predates security bug tracking	
    40. 

  40. qcms	839621		8dbfb840d9a2410455b61688d5c5067a8ece17e4	d60517eb9d826a54b80d6d7d25022bae0585e24e	1	no			
    41. 

  41. qcms	969226		8fcbd56508d6fd1c37add850d4f5728a7ec73a5a	52c97edf1ed8b51f5cac4b2e7d824cd7e5f29c0a	1	no		Not actually exploitable	
    42. 

  42. qcms	1132467		509337a1a0b16cbc5c364ed6b5b2b596b0d1c728	52c97edf1ed8b51f5cac4b2e7d824cd7e5f29c0a	1	no			
    43. 

  43. qcms	1132468		27b42e9142414650884354d0087070c6220d8718	e6e07e47b00c0c7765c0c5a1f4b6e1001a55d70f,52c97edf1ed8b51f5cac4b2e7d824cd7e5f29c0a	1	no,no		multiple vulns over two commits	
    44. 

  44. qcms	1166252		58bb8fc72f9e3021efd9874d39dcf63d27a1afb1	52c97edf1ed8b51f5cac4b2e7d824cd7e5f29c0a	1	no			
    45. 

  45. qcms	1464039		fdf1d9bbb2518dc4f17d79d0d10b48b33ab3376d	e6e07e47b00c0c7765c0c5a1f4b6e1001a55d70f	1	no		This could arguably be blamed on 58bb8fc72f9e3021efd9874d39dcf63d27a1afb1 since it attempted to address this problem and failed to do so completely. The fix commit should also be 7b8229b86bb69152d6720a8df02cc614691eb89c which was added because the initial fix turned valid execution paths into crashes.	
    46. 

  46. stagefright	1048517		6a71a89b014d84d884ec79176318588797412bb9	7aa64494dfef6c6b9967f500885e30a03b74c48a	1		1		
    47. 

  47. stagefright	1144107	yes	03d7a25152938863695b54f317cc8fb7bc34ca09	7aa64494dfef6c6b9967f500885e30a03b74c48a	0		1	Actually 3 potential vulns in one part of the code	
    48. 

  48. stagefright	1144107	yes	76090b241e15eca718438c73930229594ad6830f	f156664cf8f5e355339f39d6e1e64fdb9cae4e91	0		1		
    49. 

  49. stagefright	1144107	yes	95bf127594a4b581fa3d3cd510c06b4b76da85f0	ba9a83adedce80e906f183c317455ba242487417	0		1		
    50. 

  50. stagefright	1149605	yes	d51ead79d52511af0e2bb1cb164e5785e6ee5302	7aa64494dfef6c6b9967f500885e30a03b74c48a	1		1		
    51. 

  51. stagefright	1154672		0e46a78213c30262d81ddef4777460d1ebf1b317	7aa64494dfef6c6b9967f500885e30a03b74c48a	1		1		
    52. 

  52. stagefright	1154683	yes	0e46a78213c30262d81ddef4777460d1ebf1b317	7aa64494dfef6c6b9967f500885e30a03b74c48a	1		1		
    53. 

  53. stagefright	1158568	yes (incorrect for our purposes)	aa8f8fc0d2151d8fc7bf49573fbb583e655d16d6	7aa64494dfef6c6b9967f500885e30a03b74c48a	1		1		
    54. 

  54. stagefright	1184871		89e5d96fae85abb21170de8456a887650ebce673	7aa64494dfef6c6b9967f500885e30a03b74c48a	1		1		
    55. 

  55. stagefright	1185115	yes	fdad9271bf2eab01ef92e344307d0e7583c236c4	469e420982a31ef9d9d33acbf80871ca5dab5692,7aa64494dfef6c6b9967f500885e30a03b74c48a	1		2	many vulns but we’ll count as two	
    56. 

  56. stagefright	1186715		03b4683f2cbf360e9f6071ba49a71a8df5f712b2	7aa64494dfef6c6b9967f500885e30a03b74c48a	1		1	actual cause never established (just a guess)	
    57. 

  57. stagefright	1186718	yes	89e5d96fae85abb21170de8456a887650ebce673	7aa64494dfef6c6b9967f500885e30a03b74c48a	1		1		
    58. 

  58. stagefright	1204580		1fe648369985406d4fc84ae864cc08796d4c2a4f	d66cd54dfd76e11e6be7fd610a02be30345af212	0		1		
    59. 

  59. stagefright	1216748		11139b4935301dfa24e779b1ae4bd000409957aa	7aa64494dfef6c6b9967f500885e30a03b74c48a	1		1		
    60. 

  60. stagefright	1227052		ed2eee2066b0cf9f9ef980ca05e41dd61493965f	7aa64494dfef6c6b9967f500885e30a03b74c48a	1		1	not exploitable in ff but abstractly a security bug	
    61. 

  61. stagefright	1254721	yes	c2467e583e0d638d1ede5fe88f1a2bfd73f303ee	a0d1bf988dc1fc47631c884edd810f5d8ad2c5b8	1		1		
    62. 

  62. uconv	415491		decd558ea256f528f4d3a07d32f10d024c4307a6	44c2409acd437d71e60896c61289a7960db69a39		no		VCC predates security bug tracking	
    63. 

  63. uconv	814254		51efa01fca4e1c8cd7a6a603950b2e84f24af8a2	c912fce892fd377511d8d77c8fbca6e3a331da17		no		VCC predates security bug tracking	
    64. 

  64. uconv	1170794		45578e03fa30c4d604c6e78786d02ee32f5e7873	99011ec3ca19e2e3b16e08bb9e6fa572e597a2b6,f6972dcca3d6551ec2e4892cf86bf33db19dce09,9997d13b08d84383be2f58b91c3492660ce2e304,5b4bb14a66a24e433c5a5695ce27710cbb1070c9		no		multiple vulns of same form (int overflow) fixed in one patch, VCC predates security bug tracking	
    65. 

  65. uconv	1255863		9696b4bdf60c24bd552387e123fd0ac8965f1461	d58e92eb5da3013cdcb77b441312ed3b8e60274f		no		VCC predates security bug tracking	
    66. 

  66. uconv	1336836		26a8c610e53b2f116de8205c701c2a2a90788857	5e143ef9ca98972e12e5a07cd755c0a8b0a15581	1		1		
    67.