Vulnerability Development mailing list archives
Re: problem with C and Gcc 2.95.3
From: "Riley Hassell" <riley () speakeasy org>
Date: Sat, 26 May 2001 20:13:07 -0700
The loop for (i=0;1<10;i++){ is not terminated correctly. It continues through memory printing the decimal values of whatever it finds. During this process it cycles through the rest of the process's memory, which happens to include environment information. Finally it reaches memory that is <out of bounds> (anything past 0xbfffffff in this case). When it tries to access this, an Access violation occurs, or a "Segmentation Fault".

As far as printing the ascii value of the bytes, either you're using %c or %s in another test... or something really, really odd is happening. Impossibly odd. :)

If for some extremely strange reason the %d conversion specifier is printing data as an ascii string or ascii characters, then this could be really interesting in some cases. For example:

char buffer[20]; sprintf(buffer,"%d",data[num]);

But again I find that hard to believe, considering almost every tool compiled with that version of GCC would fail... and people would've noticed that, hopefully.

Hey GCC people... when are we going to have watch exception functionality in linux/intel GCC!!!!

Riley Hassell
Vulnerability Developer
eEye Digital Security

----- Original Message -----
From: "Blue Boar" <BlueBoar () thievco com>
To: <vuln-dev () securityfocus com>
Sent: Saturday, May 26, 2001 1:47 PM
Subject: Re: problem with C and Gcc 2.95.3
Doru Petrescu wrote:
<snip>
3. I can't understand how it produced this kind of result... since printf("%d", ...) will print NUMBERS, and can't print a series of dots, like you can see in the output you attached. So I guess the original program had %c or %s... I put my money on %c.
...

Which is why I let the message through. Any reason why a %d stepping off the end of a buffer would end up printing out the environment like that? Or is it certain that the source that was mailed in doesn't match the output?

BB

<snip>
The program return:
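The runaway loop Riley describes, as an added C example that is not code from the thread: a constructed array stands in for the process memory (an assumed layout), with MAPPED_INTS playing the role of the first unmapped address, so the same 1<10 condition can be watched running past the array without crashing, next to the bounded loop and a check that %d output is digits only.

```c
#include <stdio.h>
#define DATA_LEN 10
/* Constructed process memory (an assumed layout, not the poster's real one):
 * the ten ints the program meant to print, environment text placed above them
 * ("PWD=/root" as little-endian ints), then the mapping edge at MAPPED_INTS. */
enum { MAPPED_INTS = 16 };
static const int memory[MAPPED_INTS] = {
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
    0x3d445750, 0x6f6f722f, 0x00000074, 0, 0, 0
};
/* The loop as posted: 1<10 never involves i, so it is always true and i runs
 * past data[9]. The index is checked against the mapping edge instead of
 * touching real addresses; returns the number of reads that landed beyond
 * the array before the one that would raise SIGSEGV. */
int buggy_walk(void)
{
    int i;
    for (i = 0; 1 < 10; i++) {
        if (i >= MAPPED_INTS)         /* a real process dies here */
            return i - DATA_LEN;
        printf("%d ", memory[i]);     /* numbers only, never characters */
    }
    return 0;                         /* unreachable: the loop never ends */
}
/* The corrected loop bounds i by the array length; returns items printed. */
int fixed_walk(void)
{
    int i;
    for (i = 0; i < DATA_LEN; i++)
        printf("%d ", memory[i]);
    return i;
}
/* %d yields only digits (and a leading minus), so environment text cannot
 * come from it; returns 1 if that holds for the rendering of v. */
int decimal_is_only_digits(int v)
{
    char buf[32];
    int n = snprintf(buf, sizeof buf, "%d", v);
    int k = (buf[0] == '-') ? 1 : 0;
    for (; k < n; k++)
        if (buf[k] < '0' || buf[k] > '9')
            return 0;
    return 1;
}
int main(void)
{
    int past = buggy_walk(), printed = fixed_walk();
    printf("\n%d reads past data[], %d printed correctly\n", past, printed);
    return 0;
}
```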
Current thread:
- problem with C and Gcc 2.95.3 Ale (May 25)
- Re: problem with C and Gcc 2.95.3 Yuri Polyansky (May 26)
- Re: problem with C and Gcc 2.95.3 Doru Petrescu (May 26)
- Re: problem with C and Gcc 2.95.3 Blue Boar (May 26)
- Re: problem with C and Gcc 2.95.3 Jeroen Latour (May 26)
- Re: problem with C and Gcc 2.95.3 Riley Hassell (May 26)
- Re: problem with C and Gcc 2.95.3 Blue Boar (May 26)