[Tinycc-devel] Out of Bounds Write in sym_pop

From: bugs-syssec
Subject: [Tinycc-devel] Out of Bounds Write in sym_pop
Date: Wed, 12 Dec 2018 17:20:12 +0100
User-agent: RUB Webmail/1.3.8 via Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0

Dear all,

While fuzzing tcc, an out of bounds write was found in the sym_pop function.

Attached are a file producing a crash when compiled and the output of the clang address sanitizer and valgrind.

The asan report only shows an out of bounds read; valgrind also shows the out of bounds write.

There are multiple inputs leading to the same crash;
they are included in the attached file as comments.

To reproduce, compile the attached input file with tcc:

    tcc sym_pop-oob_read.c

The latest git version of tcc (commit c4787e3626904fc542bd640cc368a9d306347008) was tested.

Credits: SysSec chair of Ruhr University Bochum

Attachment: asan.txt
Description: Text document

Attachment: sym_pop-oob_write.c
Description: Binary data

Attachment: valgrind.txt
Description: Text document
