Re: [Tinycc-devel] Out of Bounds Write in gsym

tinycc-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Tinycc-devel] Out of Bounds Write in gsym_addr

From:	Michael Matz
Subject:	Re: [Tinycc-devel] Out of Bounds Write in gsym_addr
Date:	Thu, 30 May 2019 21:38:07 +0200 (CEST)
User-agent:	Alpine 2.21 (LSU 202 2017-01-01)

Hello,


On Tue, 28 May 2019, Bugs SysSec wrote:

While fuzzing tcc, an out of bounds write was found in the gsym_addrfunction.
Attached are a file producing a crash when compiled, the output of theclang address sanitizer and valgrind.

You might want to check your outgoing mail filters, the attachmentcontained a question mark as function name, ala:


--------------------
?()
{
  for(;"";)
    asm(".section");
--------------------

With that input TCC doesn't even enter the gen_function routine, andhence doesn't expose the wild read. Fixing the testcase to use a normalfunction name like 'x' allows to reproduce the problem, which is now fixedin mob. Thanks for the report.



Ciao,
Michael.

[Prev in Thread]

Current Thread

[Next in Thread]

[Tinycc-devel] Out of Bounds Write in gsym_addr, Bugs SysSec, 2019/05/28
- Re: [Tinycc-devel] Out of Bounds Write in gsym_addr, Michael Matz <=

Prev by Date: [Tinycc-devel] Out of Bounds Write in gsym_addr
Previous by thread: [Tinycc-devel] Out of Bounds Write in gsym_addr
Index(es):
- Date
- Thread