bug of the day: a memcmp that only compares every fourth byte
-
bug of the day: a memcmp that only compares every fourth byte
i blogged about the memcmp thing
-
i blogged about the memcmp thing
@gsuberland unrelated but shouldn't it be something like
*(a++) ^ *(b++)? -
@gsuberland unrelated but shouldn't it be something like
*(a++) ^ *(b++)?@mildsunrise probably yeah I'm tired lol
-
@mildsunrise probably yeah I'm tired lol
@mildsunrise wait no, cos (a++) would be equivalent to pre-increment
-
@mildsunrise wait no, cos (a++) would be equivalent to pre-increment
@mildsunrise but yeah it should be *a ^ *b and then separately incrementing
-
R relay@relay.infosec.exchange shared this topic
-
@mildsunrise wait no, cos (a++) would be equivalent to pre-increment
@gsuberland (a++) is post increment, pre increment would be (++a)
-
@gsuberland (a++) is post increment, pre increment would be (++a)
@mildsunrise if you wrap it in brackets and deref outside doesn't it turn into pre behaviour regardless? (now I'm writing this I'm realising it probably doesn't, but this is c++ so principle of most surprise applies lol)
-
@mildsunrise if you wrap it in brackets and deref outside doesn't it turn into pre behaviour regardless? (now I'm writing this I'm realising it probably doesn't, but this is c++ so principle of most surprise applies lol)
@mildsunrise yeah nah I'm just tiiired
-
@mildsunrise yeah nah I'm just tiiired
@gsuberland dw, relatable
-
i blogged about the memcmp thing
@gsuberland i'm reminded of a weird bug i found in a compiler. in this case the vendor (green hills c compiler for coldfire cpus) converted a sequence like this:
```uint8_t idx;
idx = ;
char newbyte = lookup_table[idx];The code was converting upper/lowercase letters iirc.
In this case the compiler actually converted idx to a signed value using a coldfire MVS.B instruction for some reason, so you could obtain values outside of the lookup table array if the user input a byte >= 0x80.
Not incredibly useful on its own in the app I was analyzing, but the bug was in the compiler itself so needed to be fixed...I never would have spotted the bug were it not for using Ida back in the day.
