sox-devel@lists.sourceforge.net unofficial mirror
From: Martin Guy <martinwguy@gmail.com>
To: sox-devel@lists.sourceforge.net
Subject: Regression testsuite for SoX
Date: Mon, 22 Jul 2024 15:04:58 +0200
Message-ID: <71eeccea-1cd4-4ec4-8d30-69ada7b28da8@gmail.com>

Hi again!
   I thought this might enjoy you, as they say here.

   It's a regression testsuite for SoX that uses the test files in 
various bug reports to see if SoX is vulnerable to CVEs and other bugs, 
and how.

Two scripts: check.sh runs all the tests against "sox" or a supplied 
binary using

    sox=~/sox-14.4.2/src/sox sh check.sh

and checkall.sh, which you will have to edit, which runs them against 
many different versions of SoX.

You can get it by

     git clone https://codeberg.org/martinwguy/sox_test

An example of checkall.sh run against 14.4.2, Debian bookworm and 42b355 
plus each compiled with the Address Sanitizer on i386 is:

BUG              14.4.2    14.4.2A   bullseye  bullseyeA trixie    trixieA   42b355    42b355A
BUG-298          ABRT      ASAN      OK        OK        OK        OK        OK        ASAN
BUG-334          SEGV      ASAN      SEGV      ASAN      2         ASAN      OK        OK
CVE-2004-0557    OK        OK        OK        OK        ASAN      OK        OK        OK
CVE-2017-11332   FPE       ASAN      OK        OK        OK        OK        OK        OK
CVE-2017-11333   OK        ASAN      OK        ASAN      OK        ASAN      OK        OK
CVE-2017-11358   SEGV      ASAN      OK        OK        OK        OK        OK        ASAN
CVE-2017-11359   FPE       ASAN      OK        OK        OK        OK        OK        ASAN
CVE-2017-15370   SEGV      ASAN      SUCC      SUCC      SUCC      SUCC      OK        OK
CVE-2017-15371   ABRT      ABRT      OK        ASAN      OK        ASAN      OK        ASAN
CVE-2017-15372   SEGV      ASAN      SUCC      SUCC      SUCC      SUCC      OK        OK
CVE-2017-15642   OK        ASAN      OK        OK        OK        OK        OK        ASAN
CVE-2017-18189   SEGV      ASAN      OK        OK        OK        OK        OK        OK
CVE-2019-1010004 ASAN      ASAN      OK        OK        OK        OK        OK        OK
CVE-2019-13590   LOOP      LOOP      OK        OK        OK        OK        OK        OK
CVE-2019-8354    ABRT      ABRT      ABRT      ABRT      ABRT      ABRT      ABRT      ABRT
CVE-2019-8355    OK        ASAN      OK        OK        OK        OK        OK        ASAN
CVE-2019-8356    SEGV      ASAN      SUCC      LOOP      SUCC      LOOP      SUCC      LOOP
CVE-2019-8357    LOOP      LOOP      LOOP      LOOP      LOOP      LOOP      LOOP      LOOP
CVE-2021-23159   ABRT      ASAN      OK        OK        OK        OK        ABRT      ASAN
CVE-2021-23172   SEGV      ASAN      OK        OK        OK        OK        SEGV      ASAN
CVE-2021-23210   SUCC      ASAN      SUCC      ASAN      SUCC      ASAN      FPE       ASAN
CVE-2021-33844   OK        OK        OK        OK        OK        OK        FPE       ASAN
CVE-2021-3643    OK        ASAN      OK        ASAN      OK        ASAN      FPE       ASAN
CVE-2021-40426   OK        OK        OK        OK        OK        OK        OK        OK
CVE-2022-31650   FPE       ASAN      OK        OK        OK        OK        FPE       ASAN
CVE-2022-31651   ABRT      ABRT      OK        OK        OK        OK        ABRT      ABRT
CVE-2023-26590   OK        OK        OK        OK        OK        OK        OK        OK
CVE-2023-32627   SUCC      ASAN      SUCC      SUCC      SUCC      SUCC      FPE       ASAN
CVE-2023-34318   SEGV      ASAN      OK        OK        OK        OK        SEGV      ASAN
CVE-2023-34432   ABRT      ASAN      OK        OK        OK        OK        OK        ASAN
Fedora-1226675   OK        OK        OK        OK        ASAN      OK        OK        OK
wavpack-errors   SEGV      ASAN      OK        OK        ASAN      OK        OK        OK

where

OK    The test succeeded (or failed as it should have failed)
ASAN  The Address Sanitizer reported problems.
      These could just be memory leaks, but correspond to exit(1)
      which sox gives only when the command-line parameters are bad.
ABRT  SoX aborted
FPE   SoX got a Floating Point Exception
LOOP  The test ran for more than 10 seconds CPU. The worst case is 6.5 seconds.
SEGV  SoX got a Segmentation fault
OUT   SoX generated an output file when it shouldn't have
SUCC  SoX gave exit 0 when it should have failed

I'd be interested to hear of check.sh's output on systems other than 
Debian bookworm.

Blessings

    M
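
The result codes in the legend above correspond to exit statuses and terminating signals. The following is an added example, not part of the original message and not check.sh's own code: a shell function that assigns those labels to one run. The name classify, its arguments and the CPU_LIMIT variable are hypothetical, and exit status 1 is taken to mean an ASan report, following the legend's remark.

```shell
#!/bin/sh
# Added example, not check.sh itself: label one run with the legend's codes.
CPU_LIMIT=${CPU_LIMIT:-10}   # CPU seconds before a run counts as LOOP

# classify EXPECT OUTFILE CMD [ARGS...]   (hypothetical interface)
#   EXPECT   "pass" if CMD should exit 0, "fail" if it should reject its input
#   OUTFILE  the output file CMD is asked to write
classify() {
    expect=$1 outfile=$2
    shift 2
    rm -f "$outfile"
    status=0
    # Subshell: limits apply to this run only. exec: the status is CMD's own,
    # 128+N when it dies from signal N. "|| status=$?" keeps set -e callers alive.
    ( ulimit -c 0; ulimit -t "$CPU_LIMIT"; exec "$@" ) >/dev/null 2>&1 ||
        status=$?

    if [ "$status" -gt 128 ]; then
        sig=$(kill -l "$status" 2>/dev/null) || sig=$status
        case $sig in
            ABRT|FPE|SEGV) echo "$sig" ;;
            XCPU|KILL)     echo LOOP ;;   # CPU limit hit (any other KILL looks the same)
            *)             echo "SIG$sig" ;;
        esac
    elif [ "$status" -eq 1 ]; then
        echo ASAN     # assumption from the legend: exit 1 means an ASan report
    elif [ "$expect" = fail ] && [ "$status" -eq 0 ]; then
        echo SUCC     # accepted input it should have rejected
    elif [ "$expect" = fail ] && [ -s "$outfile" ]; then
        echo OUT      # rejected the input but still wrote output
    elif [ "$expect" = pass ] && [ "$status" -ne 0 ]; then
        echo "$status"   # unexpected failure: report the raw status
    else
        echo OK
    fi
}

# Constructed stand-ins for SoX runs, so this needs no binary or test files.
tmp=$(mktemp)
for cmd in 'kill -s SEGV $$' 'kill -s ABRT $$' 'exit 1' 'exit 0' 'exit 2'; do
    printf '%-18s %s\n' "$cmd" "$(classify fail "$tmp" sh -c "$cmd")"
done
rm -f "$tmp"
```

ulimit -t and ulimit -c are not specified by POSIX but are provided by bash and dash.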

