[VulnWatch] Re: [xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

thank Ilja van Sprundel <ilja@xxxxxxxxxxx> testing.
he find that newest tiny c compiler (tcc-0.9.23) also have this
vulnerability .

also thank kokanin@xxxxxxxxx and alekc@xxxxxxxxxxx :)

/**
* check_compiler_sizeof_vulnerability.c
*
* Check compiler whether correct deal with sizeof operator,
* which can cause integer overflow if you careless use !!!
*
* note: some old compiler maybe have this vulnerability!!!!
*
* by alert7@xxxxxxxxxx
*
* XFOCUS Security Team
* http://www.xfocus.org
*
* already tested:
*
* BCB6+ent_upd4....................................vuln !!!
* tcc-0.9.23 ......................................vuln !!!
* ........thank Ilja van Sprundel <ilja@xxxxxxxxxxx>
* gcc version 4.0.0 20050519 (Red Hat 4.0.0-8).....not vuln
* gcc version 2.95.3-4(cygwin special).............not vuln
* gcc version egcs-2.91.66.........................not vuln
* cc: Sun WorkShop 6 2000/04/07 C 5.1 .............not vuln
* VC6+sp5..........................................not vuln
* .......................................thank eyas
* lcc version 3.8..................................not vuln
*..................................thank tombkeeper
* evc4+sp4.........................................not vuln
* ........................................thank san
* gcc version 3.4.2 [FreeBSD] 20040728.............not vuln
* ........................thank <kokanin@xxxxxxxxx>
* GCC OpenBSD 3.1 (2.95.3 20010125 (prerelease))...not vuln
* MS VS.NET 2003 ..................................not vuln
* ..............above two thank <alekc@xxxxxxxxxxx>
*
* REQUEST YOUR COMMENT:
* VC6 not sp5......................................?
* VC7..............................................?
* evc not sp4......................................?
* ...
*/
#include <stdio.h>

int main(int argc, char *argv[])
{
int i =-1;

printf("Check compiler whether correct deal with sizeof operator\n");
printf(" by alert7@xxxxxxxxxx \n\n");

if (i > sizeof ( int ) )
{
printf("This compiler is not vuln\n");
}else
printf("This compiler is vuln!!!\n");

getchar();

return 0;
}

- --EOF



- --

Kind Regards,

- ---
XFOCUS Security Team
http://www.xfocus.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFD6CR/whDwaF6cSWIRArcqAKCmTor93qg3JlmPEL6VjMHzgGl7hgCgxwtM
r71nRPE+00IBZW0hSqjEnU4=
=Bl/T
-----END PGP SIGNATURE-----

Relevant Pages

  • [Full-disclosure] Re: [xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vuln
    ... thank Ilja van Sprundel testing. ... Check compiler whether correct deal with sizeof operator, ... XFOCUS Security Team ... int main ...
    (Full-Disclosure)
  • Re: [xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability
    ... thank Ilja van Sprundel testing. ... Check compiler whether correct deal with sizeof operator, ... XFOCUS Security Team ... int main ...
    (Bugtraq)
  • Re: It Pays to Enrich Your C Skills
    ... Check if you can score a perfect 10 (without using a compiler). ... int main{ ... struct bitfield { ... out if it is a negative integer constant or a constant expression ...
    (comp.lang.c.moderated)
  • OT: Re: Perl Peeves
    ... I see the result of a test being used as an int. ... the compiler just assumed you knew what you were doing ... introduced to the language later, so void * was unheard of in most code. ... This didn't mean bool was special, declaring it just signaled to the ...
    (comp.lang.perl.misc)
  • Re: OT: Re: Perl Peeves
    ... when I see the result of a test being used as an int. ... compiler just assumed you knew what you were doing and would ... This didn't mean bool was special, declaring it just signaled to the ... What "normalization of bool results is built into the compiler"? ...
    (comp.lang.perl.misc)