glibc/stdio-common/bug23-4.c
Jeff Law a5357b7ce2 CVE-2012-3406: Stack overflow in vfprintf [BZ ]
A larger number of format specifiers coudld cause a stack overflow,
potentially allowing to bypass _FORTIFY_SOURCE format string
protection.
2014-12-15 10:09:33 +01:00

32 lines
677 B
C

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#define LIMIT 1000000
int
main (void)
{
struct rlimit lim;
getrlimit (RLIMIT_STACK, &lim);
lim.rlim_cur = 1048576;
setrlimit (RLIMIT_STACK, &lim);
char *fmtstr = malloc (4 * LIMIT + 1);
if (fmtstr == NULL)
abort ();
char *output = malloc (LIMIT + 1);
if (output == NULL)
abort ();
for (size_t i = 0; i < LIMIT; i++)
memcpy (fmtstr + 4 * i, "%1$d", 4);
fmtstr[4 * LIMIT] = '\0';
int ret = snprintf (output, LIMIT + 1, fmtstr, 0);
if (ret != LIMIT)
abort ();
for (size_t i = 0; i < LIMIT; i++)
if (output[i] != '0')
abort ();
return 0;
}