Reappearance/Mutation of Buffer Overflow in ID3v2 tags
To allow users of WinAmp the ability to keep track of the MP3 music files they are using, WinAmp uses an ID3 tag in which the user can enter title, artist, album and other information. However, if too much data is entered into these ID3 tags, the program has buffer overflow vulnerability. The bug was originally fixed throughout version 2, but has since returned in version 5 with a mutation.
NullSoft's WinAmp is a multimedia player designed mostly for playing MP3 music files. The player makes use of ID3 tags, which allow users to record information about the song, such as the artist, title, track number, etc.
This example demonstrates the use of Regression testing. We use Regression testing to ensure that the bugs we have already encountered do not reappear in later versions of the program after they have been fixed. Regression testing is not a specified type of testing, rather it is more the awareness and implementation of past testing techniques to monitor applications for the reappearance of issues or the breaking of a working function by new code.
In this example on ID3 tags in WinAmp, we have many different input boxes and types of input that can go in those boxes. Regardless of what is put into these boxes, it is the amount of information that is important here. Buffer overflows occur when too much memory is used and not enough memory was allocated. The result is that return calls for functions can be lost or overwritten, allowing malicious users the ability to access and modify other parts of a system.
This is the same test that was performed on version 2.79 of WinAmp, and 2 major releases later (as there was no version 4), we find that NullSoft's overhaul of the WinAmp code has reallowed the bug to appear.
Regression testing is a very necessary technique for maintaining a stable product release (one that is at least as stable as the releases before in terms of the same features). We observe the results of a regression test by directly examining the program's reaction to the tests that have previously been run before, and expect to receive the same result as we did upon a previous successful run of the test (the result we recieved once the bug was corrected).
Performing the Test
After pressing multiple times, try bringing down the 'View' or 'Options' menus. Each time you pressed , it added more and more duplicate menu options into the menu:
Performing this same test in WinAmp v2.79 will elicit different results, but it is still illustrates an exploitable buffer overflow, which could allow a user to alter or damage information on another user's computer. Regression testing allowed us to reuse the same tests to locate this older bug by testing for errors that WinAmp had in the past. In WinAmp v2.79, instead of the menus being altered, the program would actually crash with the following error:
This is a highly critical bug, as buffer overflows can be very dangerous. Malicious users can find ways to execute computer code to run with the buffer overflow, such that WinAmp might then call another program to perform a task or damage files on a user's harddrive.
While Risk-based testing originally helped us to quickly and easily locate this buffer overflow originally, by Regression testing with our original test, we were able to keep track of whether or not the bug would reappear.
Similar Tests/Additional Notes
Try performing the same or similar tests in older/newer versions of WinAmp and observe the results. Similarly, try entering large amounts of text into limited fields inside some other programs, such as word processors or Internet browsers.
Testing NullSoft's WinAmp v5.03 on: