Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 3 Dec 2015 14:01:19 -0600
From: jfoug <jfoug@...nwall.net>
To: john-dev@...ts.openwall.com
Subject: Re: rules.c patch for ASan fault

Here is example code:

$ cat x.c
#include <stdio.h>
int main() {
    unsigned char c=255;
    int x;
    x = (int)(c+1);
    printf ("%d\n", x);
}

$ ./a
256


On 12/3/2015 1:57 PM, jfoug wrote:
> On 12/3/2015 12:28 PM, Solar Designer wrote:
>> ... but (rules_vars['m'] + 1) is then 0, isn't it? 
> Nope, it is 256 due to this:
>
> /*
> * This assumes that RULE_WORD_SIZE is small enough that length can't 
> reach or
> * exceed INVALID_LENGTH.
> */
>      rules_vars['l'] = length;
>      rules_vars['m'] = (unsigned  char)length -1;
>
> rules_vars['m'] is 255.  Then (rules_vars['m']+1) will convert to int, 
> and 256 is the expression result.
>
>>> This leads to an ASan fault (at least a "read" fault)
>> I'll need to figure out why this is the case and how to fix that.
> This is a core (IIRC), not just an ASAN error
>
> Jim.
>


[ CONTENT OF TYPE text/html SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ