I find a vulnerability in gcc. Can you distribute an CVE? When I compile the program below, it crashed.
#include<stdio.h>
#include<string.h>
int main()
{
char buff[]="12312312312312312312312*****";
char *a = "2*";
char *ptr = memmem(buff, 0x30, a,2);
printf("%c\n",ptr[0]);
return 0;
}
My gcc: gcc version 9.1.0 (Ubuntu 9.1.0-2ubuntu2~16.04)
Reason: when memmem() returns an address which has 64 bits, But the compiled program truncates it to 32 bits. So the program crashed by a segment fault.
However, when I write the program below, it doesn’t crash. For malloc()’s returning address is 32 bits too(in the userspace).
#include<stdio.h>
#include<string.h>
int main()
{
char buff[]="12312312312312312312312*****";
char *buf=malloc(0x100);
memcpy(buf,buff,0x40);
char *a = "2*";
char *ptr = memmem(buf, 0x30, a,2);
printf("%c\n",ptr[0]);
return 0;
}
