Quick Security Auditing Puzzle
Thursday, December 21, 2006 7:10:51 PM
#include <stdlib.h>
#include <stdio.h>

int main(int argc, char **argv)
{
    int a, b;

    if (argc != 3)
        return 1;

    a = atoi(argv[1]);
    b = atoi(argv[2]);

    return b ? a / b : 0;
}
Scroll down for the solution.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
The code correctly checks for divide by zero, so attempting this won't work:
$ ./a.out 42 0; echo $?
0
$
But not every invalid operation has been checked. While every programmer knows to avoid dividing by zero, very few are aware that it's also illegal to divide INT_MIN by -1. The reason is obvious: on a two's complement system |INT_MIN| is one greater than INT_MAX, so the result of the operation simply cannot fit in an integer.
This little-known fact is almost guaranteed to crash any system that uses integer division on user-controlled values, as so few developers check for this unusual case.
$ ./a.out -2147483648 -1; echo $?
Floating point exception (core dumped)
136
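A hardened version of the puzzle program, added here as an example and not part of the original post; the helper names parse_int and checked_div are made up for illustration. It rejects both undefined divisions, swaps atoi for strtol so out-of-range arguments are refused, and prints the quotient instead of returning it as the exit status.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: strict decimal parse. Returns 0 on success,
 * -1 on empty input, trailing junk, or a value outside int range. */
static int parse_int(const char *s, int *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE || v < INT_MIN || v > INT_MAX)
        return -1;
    *out = (int)v;
    return 0;
}

/* Hypothetical helper: stores a / b in *quot and returns 0,
 * or returns -1 when the division has no representable result. */
static int checked_div(int a, int b, int *quot)
{
    if (b == 0)
        return -1;                  /* divide by zero */
    if (a == INT_MIN && b == -1)
        return -1;                  /* quotient would be INT_MAX + 1 */
    *quot = a / b;
    return 0;
}

int main(int argc, char **argv)
{
    int a, b, q;

    if (argc != 3 || parse_int(argv[1], &a) || parse_int(argv[2], &b))
        return 1;
    if (checked_div(a, b, &q)) {
        fprintf(stderr, "undefined division: %d / %d\n", a, b);
        return 2;
    }
    printf("%d\n", q);
    return 0;
}
```

The same INT_MIN / -1 guard is needed before the % operator, since a % b is undefined whenever a / b is not representable.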







