Re: [Full-disclosure] new class of printf issue: int overflow
- From: Mihai Dontu <mdontu@xxxxxxxxxxxxxxx>
- Date: Thu, 11 Jan 2007 13:44:34 +0200
On Thursday 11 January 2007 03:00, Felix von Leitner wrote:
$ cat > t.c
#include <stdio.h>
int main() {
printf("%d\n",snprintf(0,0,"%*d %*d",0x40000000,1,0x40000000,1));
}
$ gcc -o t t.c
$ ./t
-2147483647
./t 17.02s user 0.03s system 99% cpu 17.161 total
$
the second line comes from my zsh, and as you can see running this
program took 17 seconds. top shows that the process used 1 gig of
memory while it ran. :-)
This is a pretty neat trick :)
However, it takes ~1GB of virtual memory, which in Linux land is not a
biggie if you don't write anything in it.
Out of curiosity, I made the same test on Windows (cl.exe). It took ~14s to
run, but it did not go above 300KB of memory usage.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- References:
- [Full-disclosure] new class of printf issue: int overflow
- From: Felix von Leitner
- [Full-disclosure] new class of printf issue: int overflow
- Prev by Date: [Full-disclosure] Re: new class of printf issue: int overflow
- Next by Date: [Full-disclosure] Script from Win32/Agent.CT
- Previous by thread: [Full-disclosure] Re: new class of printf issue: int overflow
- Next by thread: Re: [Full-disclosure] new class of printf issue: int overflow
- Index(es):
Relevant Pages
|
