* Wilson John:
> I find a vulnerability in gcc. Can you distribute an CVE? When I
> compile the program below, it crashed.
>
> #include<stdio.h>
> #include<string.h>
>
> int main()
> {
> char buff[]="12312312312312312312312*****";
> char *a = "2*";
> char *ptr = memmem(buff, 0x30, a,2);
> printf("%c\n",ptr[0]);
> return 0;
>
> }
>
> My gcc: gcc version 9.1.0 (Ubuntu 9.1.0-2ubuntu2~16.04)
> Reason: when memmem() returns an address which has 64 bits, But the
> compiled program truncates it to 32 bits. So the program crashed by a
> segment fault.
Was there a compiler warning? Please don't ignore compiler warnings.
memmem is a GNU extension, so you need to build with -D_GNU_SOURCE.
Thanks,
Florian
