<<< Date Index >>>     <<< Thread Index >>>

Re: [xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

thank Ilja van Sprundel <ilja@xxxxxxxxxxx> testing.
he find that newest tiny c compiler (tcc-0.9.23) also have this
vulnerability .

also thank kokanin@xxxxxxxxx and alekc@xxxxxxxxxxx :)

 /**
  * check_compiler_sizeof_vulnerability.c
  *
  * Check compiler whether correct deal with sizeof operator,
  * which can cause integer overflow if you careless use !!!
  *
  * note: some old compiler maybe have this vulnerability!!!!
  *
  * by alert7@xxxxxxxxxx
  *
  * XFOCUS Security Team
  * http://www.xfocus.org
  *
  * already tested:
  *
  * BCB6+ent_upd4....................................vuln !!!
  * tcc-0.9.23 ......................................vuln !!!
  * ........thank Ilja van Sprundel <ilja@xxxxxxxxxxx>
  * gcc version 4.0.0 20050519 (Red Hat 4.0.0-8).....not vuln
  * gcc version 2.95.3-4(cygwin special).............not vuln
  * gcc version egcs-2.91.66.........................not vuln
  * cc: Sun WorkShop 6 2000/04/07 C 5.1 .............not vuln
  * VC6+sp5..........................................not vuln
  * .......................................thank eyas
  * lcc version 3.8..................................not vuln
  *..................................thank tombkeeper
  * evc4+sp4.........................................not vuln
  * ........................................thank san
  * gcc version 3.4.2 [FreeBSD] 20040728.............not vuln
  * ........................thank <kokanin@xxxxxxxxx>
  * GCC OpenBSD 3.1 (2.95.3 20010125 (prerelease))...not vuln
  * MS VS.NET 2003 ..................................not vuln
  * ..............above two thank <alekc@xxxxxxxxxxx>
  *
  * REQUEST YOUR COMMENT:
  * VC6 not sp5......................................?
  * VC7..............................................?
  * evc not sp4......................................?
  * ...
  */
 #include <stdio.h>

 int main(int argc, char *argv[])
 {
  int i =-1;

  printf("Check compiler whether correct deal with sizeof operator\n");
  printf("  by alert7@xxxxxxxxxx \n\n");

  if (i > sizeof ( int ) )
  {
    printf("This compiler is not vuln\n");
  }else
    printf("This compiler is vuln!!!\n");

  getchar();

  return 0;
 }

- --EOF



- --

Kind Regards,

- ---
XFOCUS Security Team
http://www.xfocus.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFD6CR/whDwaF6cSWIRArcqAKCmTor93qg3JlmPEL6VjMHzgGl7hgCgxwtM
r71nRPE+00IBZW0hSqjEnU4=
=Bl/T
-----END PGP SIGNATURE-----