|
![](/i/fill.gif) |
> clipka <ano### [at] anonymous org> wrote:
>> Okay, let's do it a bit more specific:
>
>> void fubar(int idx)
>> {
>> char c[1024];
>> if (idx < 1024)
>> fnord(c[idx]);
>> else
>> FAIL_SAFE();
>> }
>
>> void main()
>> {
>> fubar(INT_MAX+1);
>> }
>
>> No out-of-bounds access? Look at the code again.
>
> But in the original post it was suggested that an array size of INT_MAX+1
> in the image file could cause this. Here the array size is just 1024 (which
> in this particular contest would have ostensibly been read from the image
> file.)
I was going from memory. Sorry about that. It's not the array size
that's too big. Just accessing elements outside of it.
>
> Unless there's an image file where there are actual index values specified.
>
Bingo.
FWIW, there's a group at the University of Oulu
(https://www.ee.oulu.fi/research/ouspg/), next door to you, who do this
all day long. Try to break devices by sending specially crafted packets
that don't respect the protocol specs. They were really famous for a
while in 2002, when they found out that every single device from every
single network equipment vendor was vulnerable to denial-of-service
attacks using SNMP.
--
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/* flabreque */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/* @ */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/* gmail.com */}camera{orthographic location<6,1.25,-6>look_at a }
Post a reply to this message
|
![](/i/fill.gif) |