[Tinycc-devel] Out of Bounds Write in asm_parse_directive

From: bugs-syssec
Subject: [Tinycc-devel] Out of Bounds Write in asm_parse_directive
Date: Wed, 12 Dec 2018 17:16:02 +0100
User-agent: RUB Webmail/1.3.8 via Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0

Dear all,

An out of bounds write in the asm_parse_directive function was found while fuzzing tcc.

You can find the input producing the crash and the output of the clang address sanitizer and valgrind in the attachments. The input file contains four lines, each of which triggered the bug on my system.
The ASAN output was generated on an older version of Ubuntu (16.04),
but I could also reproduce the crashes on a current Arch Linux.

To reproduce, compile the attached input file with tcc:

    tcc asm_parse-oob_write.c

I tested the latest git version of tcc (commit c4787e3626904fc542bd640cc368a9d306347008).

Credits: SysSec chair of Ruhr University Bochum

Attachment: asm_parse-oob_write.c
Description: Text document

Attachment: valgrind.txt
Description: Text document

Attachment: asan.txt
Description: Text document
