Last active
August 29, 2015 14:16
a minimum test of uninitialized pointer use (CWE-824)
```
$ uname -a
Linux vm-ubuntu64 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.1 LTS
Release: 14.04
Codename: trusty
$ gcc uninitialized_pointer_use.c
$ ./a.out
p = 0x4141414141414141
Segmentation fault (core dumped)
```
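```c
#include <stdio.h>
#include <string.h>

/* Leaves 80 bytes of 'A' (0x41) behind in its stack frame. */
void f()
{
    char buf[80];
    memset(buf, 'A', 80);
}

void g()
{
    char buf[40];
    void (*p)();            /* never initialized (CWE-824) */
    printf("p = %p\n", p);  /* prints whatever the stack slot already holds */
    p();                    /* indirect call through that stale value */
}

int main()
{
    f();
    g();
}
```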
inaz2 (Author) commented Feb 28, 2015
- CWE - CWE-824: Access of Uninitialized Pointer (2.8)
- Samba vulnerability (CVE-2015-0240) | Red Hat Security
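
A hardened counterpart to the gist's `g()`, added here as an example and not part of inaz2's gist: the pointer is initialized at declaration and checked before the call, so a code path that never assigns it fails closed instead of jumping to leftover stack bytes. The names `handler_t`, `hello`, `dirty_stack`, `g_fixed` and the `want_handler` flag are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

typedef void (*handler_t)(void);

static int calls;                  /* number of successful handler calls */

static void hello(void)
{
    calls++;
}

/* Same role as the gist's f(): leave 0x41 bytes behind on the stack. */
static void dirty_stack(void)
{
    char buf[80];
    memset(buf, 'A', sizeof buf);
}

/* Hardened g(): p is assigned on only one branch, as in many real bugs,
 * but it starts out NULL, so the other branch cannot see stale bytes. */
static int g_fixed(int want_handler)
{
    char buf[40] = {0};            /* mirrors the gist's frame layout */
    handler_t p = NULL;            /* initialized at declaration */

    (void)buf;
    if (want_handler)
        p = hello;

    if (p == NULL)
        return -1;                 /* fail closed: no indirect call */
    p();
    return 0;
}

int main(void)
{
    dirty_stack();
    printf("without handler: %d\n", g_fixed(0));
    dirty_stack();
    printf("with handler:    %d\n", g_fixed(1));
    return 0;
}
```

GCC's `-Wall` includes `-Wuninitialized`, the compile-time check aimed at reads like the one in the gist's `g()`.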