FreeBSD Bugzilla – Attachment 165468 Details for
Bug 206177
Out-of-bounds read in wcsncat(3)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
Crashing testcase
test-wcsncat.c (text/x-csrc), 591 bytes, created by
Alexander Cherepanov
on 2016-01-12 22:40:59 UTC
(
hide
)
Description:
Crashing testcase
Filename:
MIME Type:
Creator:
Alexander Cherepanov
Created:
2016-01-12 22:40:59 UTC
Size:
591 bytes
patch
obsolete
>#include <wchar.h> > >#include <unistd.h> >#include <sys/mman.h> > >int main(void) >{ > size_t size = 10; /* number of chars to copy */ > > /* first array */ > wchar_t s1[100] = L""; > > /* second array */ > long pagesize = sysconf(_SC_PAGESIZE); > char *p = mmap(NULL, 2 * pagesize, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); > if (p == MAP_FAILED) > return 1; > if (mprotect(p + pagesize, pagesize, PROT_NONE) != 0) > return 2; > wchar_t *s2 = (wchar_t *)(p + pagesize) - size; > wmemset(s2, L'A', size); > > /* crash here */ > wcsncat(s1, s2, size); > > return 0; >}
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=165468">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 206177
:
165467
| 165468