[Tinycc-devel] Out of Bounds Write in gsym

tinycc-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Tinycc-devel] Out of Bounds Write in gsym_addr

From:	Bugs SysSec
Subject:	[Tinycc-devel] Out of Bounds Write in gsym_addr
Date:	Tue, 28 May 2019 15:57:01 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.0

Dear all,

While fuzzing tcc, an out of bounds write was found in the gsym_addr
function.

Attached are a file producing a crash when compiled, the output of the
clang address sanitizer and valgrind.

The asan report only shows an out of bounds read, valgrind also shows
the out of bounds write.

To reproduce, compile the attached input file with tcc

    tcc gsym_addr.c

The latest git version of tcc (commit
1dd6842654c8f8f6bf1a94364f0fd23ed10cc7e1) and tcc 0.9.27 was tested.


Credits: SysSec chair of Ruhr University Bochum

gsym_addr.asan.txt
Description: Text document

gsym_addr.c
Description: Text Data

gsym_addr.valgrind.txt
Description: Text document

[Prev in Thread]

Current Thread

[Next in Thread]

[Tinycc-devel] Out of Bounds Write in gsym_addr, Bugs SysSec <=
- Re: [Tinycc-devel] Out of Bounds Write in gsym_addr, Michael Matz, 2019/05/30

Prev by Date: Re: [Tinycc-devel] Two compilers at once
Next by Date: Re: [Tinycc-devel] Out of Bounds Write in gsym_addr
Previous by thread: [Tinycc-devel] Two compilers at once
Next by thread: Re: [Tinycc-devel] Out of Bounds Write in gsym_addr
Index(es):
- Date
- Thread