BugTraq
[xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability Feb 06 2006 02:05PM
XFOCUS Security Team (security xfocus org) (1 replies)
Re: [xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability Feb 07 2006 04:39AM
XFOCUS Security Team (security xfocus org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

thank Ilja van Sprundel <ilja (at) suresec (dot) org [email concealed]> testing.
he find that newest tiny c compiler (tcc-0.9.23) also have this
vulnerability .

also thank kokanin (at) gmail (dot) com [email concealed] and alekc (at) avet.com (dot) pl [email concealed] :)

/**
* check_compiler_sizeof_vulnerability.c
*
* Check compiler whether correct deal with sizeof operator,
* which can cause integer overflow if you careless use !!!
*
* note: some old compiler maybe have this vulnerability!!!!
*
* by alert7 (at) xfocus (dot) org [email concealed]
*
* XFOCUS Security Team
* http://www.xfocus.org
*
* already tested:
*
* BCB6+ent_upd4....................................vuln !!!
* tcc-0.9.23 ......................................vuln !!!
* ........thank Ilja van Sprundel <ilja (at) suresec (dot) org [email concealed]>
* gcc version 4.0.0 20050519 (Red Hat 4.0.0-8).....not vuln
* gcc version 2.95.3-4(cygwin special).............not vuln
* gcc version egcs-2.91.66.........................not vuln
* cc: Sun WorkShop 6 2000/04/07 C 5.1 .............not vuln
* VC6+sp5..........................................not vuln
* .......................................thank eyas
* lcc version 3.8..................................not vuln
*..................................thank tombkeeper
* evc4+sp4.........................................not vuln
* ........................................thank san
* gcc version 3.4.2 [FreeBSD] 20040728.............not vuln
* ........................thank <kokanin (at) gmail (dot) com [email concealed]>
* GCC OpenBSD 3.1 (2.95.3 20010125 (prerelease))...not vuln
* MS VS.NET 2003 ..................................not vuln
* ..............above two thank <alekc (at) avet.com (dot) pl [email concealed]>
*
* REQUEST YOUR COMMENT:
* VC6 not sp5......................................?
* VC7..............................................?
* evc not sp4......................................?
* ...
*/
#include <stdio.h>

int main(int argc, char *argv[])
{
int i =-1;

printf("Check compiler whether correct deal with sizeof operator\n");
printf(" by alert7 (at) xfocus (dot) org [email concealed] \n\n");

if (i > sizeof ( int ) )
{
printf("This compiler is not vuln\n");
}else
printf("This compiler is vuln!!!\n");

getchar();

return 0;
}

- --EOF

- --

Kind Regards,

- ---
XFOCUS Security Team
http://www.xfocus.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFD6CR/whDwaF6cSWIRArcqAKCmTor93qg3JlmPEL6VjMHzgGl7hgCgxwtM
r71nRPE+00IBZW0hSqjEnU4=
=Bl/T
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus