-
Notifications
You must be signed in to change notification settings - Fork 0
/
memory-access-fail-1-35.c
59 lines (40 loc) · 1.21 KB
/
memory-access-fail-1-35.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
uint64_t main() {
uint64_t* x;
uint64_t* v;
x = malloc(sizeof(uint64_t));
*x = 0; // touch memory
// access code segment by reaching over data segment with _bump variable, no --check-block-access required
v = x + -(4096 / 8) + -1;
*v = *v;
open(v, 32768, 0);
read(0, v, 1);
write(1, v, 1);
// access memory right above 4GB, avoiding big integer in data segment, no --check-block-access required
v = x + ((uint64_t*) (4 * 1024 * 1024 * 1024) - x);
*v = *v;
open(v, 32768, 0);
read(0, v, 1);
write(1, v, 1);
// access word-unaligned address, no --check-block-access required
v = (uint64_t*) ((uint64_t) x + 1);
*v = *v;
open(v, 32768, 0);
read(0, v, 1);
write(1, v, 1);
// access memory right above memory block but well below 4GB, requires --check-block-access
v = x + 1;
*v = *v;
open(v, 32768, 0);
read(0, v, 1);
write(1, v, 1);
// unsafe access right above memory block even without pointer arithmetic
read(0, x, 9);
write(1, x, 9);
// access memory right below memory block but still above code segment, due to _bump variable, requires --check-block-access
v = x + -1;
*v = *v;
open(v, 32768, 0);
read(0, v, 1);
write(1, v, 1);
return 0;
}