[Tinycc-devel] Out of Bounds Write in asm_parse

tinycc-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Tinycc-devel] Out of Bounds Write in asm_parse_directive

From:	bugs-syssec
Subject:	[Tinycc-devel] Out of Bounds Write in asm_parse_directive
Date:	Wed, 12 Dec 2018 17:16:02 +0100
User-agent:	RUB Webmail/1.3.8 via Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0

Dear all,

An out of bounds write in the asm_parse_directive function was foundwhile fuzzing tcc.

You can find the input producing the crash and the output of the clangaddress sanitizer and valgrind in the attachments.The input file contains four lines, each of which triggered the bug onmy system.

The ASAN output was generated on an older version of Ubuntu (16.04),
but I could also reproduce the crashes on a current Arch Linux.

To reproduce, compile the attached input file with tcc

    tcc asm_parse-oob_write.c

I tested the latest git version of tcc (commitc4787e3626904fc542bd640cc368a9d306347008).


Credits: SysSec chair of Ruhr University Bochum

asm_parse-oob_write.c
Description: Text document

valgrind.txt
Description: Text document

asan.txt
Description: Text document

[Prev in Thread]

Current Thread

[Next in Thread]

[Tinycc-devel] Out of Bounds Write in asm_parse_directive, bugs-syssec <=

Prev by Date: [Tinycc-devel] Commit 'x86-64: Fix calls via absolute function pointers' makes 07 test fail on ARM
Next by Date: [Tinycc-devel] Out of Bounds Write in sym_pop
Previous by thread: [Tinycc-devel] Commit 'x86-64: Fix calls via absolute function pointers' makes 07 test fail on ARM
Next by thread: [Tinycc-devel] Out of Bounds Write in sym_pop
Index(es):
- Date
- Thread