Re: A common bug about gcc

On 2019-10-21 12:12 +0000, Wilson John wrote:
> I find a vulnerability in gcc. Can you distribute a CVE? When I compile the
> program below, it crashed.
> 
> #include<stdio.h>
> #include<string.h>
> 
> int main()
> {
>     char buff[]="12312312312312312312312*****";
>     char *a = "2*";
>     char *ptr = memmem(buff, 0x30, a,2);
>     printf("%c\n",ptr[0]);
>     return 0;
> 
> }
> 
> My gcc: gcc version 9.1.0 (Ubuntu 9.1.0-2ubuntu2~16.04)
> Reason: memmem() returns an address which has 64 bits, but the compiled
> program truncates it to 32 bits. So the program crashes with a segmentation fault.
> 
> However, when I write the program below, it doesn't crash, because the address
> malloc() returns is 32 bits too (in userspace).
> 
> 
> #include<stdio.h>
> #include<string.h>
> 
> int main()
> {
>     char buff[]="12312312312312312312312*****";
>     char *buf=malloc(0x100);
>     memcpy(buf,buff,0x40);
>     char *a = "2*";
>     char *ptr = memmem(buf, 0x30, a,2);
>     printf("%c\n",ptr[0]);
>     return 0;
> 
> }

That's not a bug.

To use memmem() you have to define _GNU_SOURCE.  Without _GNU_SOURCE you don't
have a prototype for memmem() so its return type is presumed to be `int`.

Didn't you see the warning compiling this buggy program?

> test.c: In function ‘main’:
> test.c:8:17: warning: implicit declaration of function ‘memmem’; did you mean
> ‘memset’? [-Wimplicit-function-declaration]
>     8 |     char *ptr = memmem(buff, 0x30, a,2);
>       |                 ^~~~~~
>       |                 memset
> test.c:8:17: warning: initialization of ‘char *’ from ‘int’ makes pointer from
> integer without a cast [-Wint-conversion]
-- 
Xi Ruoyao <xry111@xxxxxxxxxxxxxxxx>
School of Aerospace Science and Technology, Xidian University
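
As an added example (not part of the thread, and not code from either poster), the program below shows the corrected call: _GNU_SOURCE is defined ahead of the first system header so that <string.h> declares memmem() with its real void * return type, and a small helper reproduces what the implicit `int` declaration does to a 64-bit address. It assumes glibc on a 64-bit Linux target; the names find_offset and survives_int_truncation are mine, not from any library.

```c
/* Added example (not code from the thread): call memmem() with its real
 * prototype in scope, and simulate what the implicit `int` return does to a
 * 64-bit pointer. Assumes glibc on a 64-bit target. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE      /* must precede the FIRST system header, or it is ignored */
#endif
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* glibc only exposes memmem() when __USE_GNU was set while <string.h> was
 * parsed. If some header was pulled in earlier without _GNU_SOURCE, supply the
 * prototype ourselves rather than fall back to an implicit `int` declaration. */
#ifndef __USE_GNU
extern void *memmem(const void *haystack, size_t haystacklen,
                    const void *needle, size_t needlelen);
#endif

/* Offset of needle in hay, or -1. hay_len is the real buffer length; the
 * original post passed 0x30 for a 29-byte array, which over-reads the stack. */
long find_offset(const char *hay, size_t hay_len,
                 const char *needle, size_t needle_len)
{
    const char *p = memmem(hay, hay_len, needle, needle_len); /* void *, all 64 bits */
    return p ? (long)(p - hay) : -1;
}

/* What `char *ptr = memmem(...)` does when memmem is only implicitly declared:
 * the compiler takes the 32-bit int in EAX and sign-extends it to 64 bits
 * (gcc emits cltq). Returns 1 if the address survives that round trip, 0 if
 * it is mangled. Takes a uint64_t so the arithmetic is the same on any host. */
int survives_int_truncation(uint64_t addr)
{
    int32_t as_int = (int32_t)(uint32_t)(addr & 0xffffffffu); /* what the caller believes it got */
    uint64_t widened = (uint64_t)(int64_t)as_int;              /* int -> pointer conversion */
    return widened == addr;
}

int main(void)
{
    char buff[] = "12312312312312312312312*****";   /* the poster's haystack */
    long off = find_offset(buff, sizeof buff - 1, "2*", 2);
    printf("\"2*\" found at offset %ld, first char '%c'\n", off, buff[off]);

    /* Stack addresses on x86-64 Linux are 0x7ff... (47 bits wide): always
     * mangled. A heap or .data address below 4 GiB, as in a non-PIE binary,
     * survives, which is consistent with the poster's second program not
     * crashing even though malloc() was implicitly declared there as well. */
    uint64_t stack_addr = (uint64_t)(uintptr_t)buff;
    printf("%#llx survives int truncation: %d\n",
           (unsigned long long)stack_addr, survives_int_truncation(stack_addr));
    printf("%#llx survives int truncation: %d\n",
           0x601040ULL, survives_int_truncation(0x601040ULL));
    return 0;
}
```

Build it with `gcc -Wall -Werror=implicit-function-declaration test.c` so that a missing prototype is a hard error rather than a warning that scrolls past (GCC 14 makes implicit function declarations an error by default). The #ifndef __USE_GNU fallback exists because defining _GNU_SOURCE after any glibc header has already been included has no effect: features.h is include-guarded and the feature macros are evaluated only once.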