Hello,
On Tue, 28 May 2019, Bugs SysSec wrote:
While fuzzing tcc, an out of bounds write was found in the gsym_addr
function.
Attached are a file that produces a crash when compiled, and the output of the
clang AddressSanitizer and of valgrind.
You might want to check your outgoing mail filters; the attachment
contained a question mark as the function name, à la:
--------------------
?()
{
for(;"";)
asm(".section");
--------------------
With that input TCC doesn't even enter the gen_function routine, and
hence doesn't expose the wild read. Fixing the testcase to use a normal
function name like 'x' allows reproducing the problem, which is now fixed
in mob. Thanks for the report.
Ciao,
Michael.
_______________________________________________
Tinycc-devel mailing list
Tinycc-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/tinycc-devel