[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 3 Dec 2015 14:01:19 -0600
From: jfoug <jfoug@...nwall.net>
To: john-dev@...ts.openwall.com
Subject: Re: rules.c patch for ASan fault
Here is example code:
$ cat x.c
#include <stdio.h>
int main() {
unsigned char c=255;
int x;
x = (int)(c+1);
printf ("%d\n", x);
}
$ ./a
256
On 12/3/2015 1:57 PM, jfoug wrote:
> On 12/3/2015 12:28 PM, Solar Designer wrote:
>> ... but (rules_vars['m'] + 1) is then 0, isn't it?
> Nope, it is 256 due to this:
>
> /*
> * This assumes that RULE_WORD_SIZE is small enough that length can't
> reach or
> * exceed INVALID_LENGTH.
> */
> rules_vars['l'] = length;
> rules_vars['m'] = (unsigned char)length -1;
>
> rules_vars['m'] is 255. Then (rules_vars['m']+1) will convert to int,
> and 256 is the expression result.
>
>>> This leads to an ASan fault (at least a "read" fault)
>> I'll need to figure out why this is the case and how to fix that.
> This is a core (IIRC), not just an ASAN error
>
> Jim.
>
Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
