[Tinycc-devel] Out of Bounds Write in sym

tinycc-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Tinycc-devel] Out of Bounds Write in sym_pop

From:	bugs-syssec
Subject:	[Tinycc-devel] Out of Bounds Write in sym_pop
Date:	Wed, 12 Dec 2018 17:20:12 +0100
User-agent:	RUB Webmail/1.3.8 via Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0

Dear all,

While fuzzing tcc, an out of bounds write was found in the sym_popfunction.

Attached are a file producing a crash when compiled and the output ofthe clang address sanitizer and valgrind.

The asan report only shows an out of bounds read, valgrind also showsthe out of bounds write.


There are multiple inputs leading to the same crash,
they are included in the attached file as comments.

To reproduce, compile the attached input file with tcc

    tcc sym_pop-oob_read.c

The latest git version of tcc (commitc4787e3626904fc542bd640cc368a9d306347008) was tested.



Credits: SysSec chair of Ruhr University Bochum

asan.txt
Description: Text document

sym_pop-oob_write.c
Description: Binary data

valgrind.txt
Description: Text document

[Prev in Thread]

Current Thread

[Next in Thread]

[Tinycc-devel] Out of Bounds Write in sym_pop, bugs-syssec <=

Prev by Date: [Tinycc-devel] Out of Bounds Write in asm_parse_directive
Next by Date: [Tinycc-devel] Segmentation violation in use_section1
Previous by thread: [Tinycc-devel] Out of Bounds Write in asm_parse_directive
Next by thread: [Tinycc-devel] Segmentation violation in use_section1
Index(es):
- Date
- Thread