diff --git a/fuzzer/Fuzzer.java b/fuzzer/Fuzzer.java
index 6b6f3fb4dedaa9d4007adbcf09fa3ffd6444d979..85ffea567160a985f7b4301d5f92af4f8c4c58a1 100644
--- a/fuzzer/Fuzzer.java
+++ b/fuzzer/Fuzzer.java
@@ -30,9 +30,7 @@ public class Fuzzer {
 /*pw.println("MOV R1 65535");
 pw.println("LDR R0 R1 0");*/
- pw.println("MOV R1 1");
- pw.println("LDR R0 R1 65535");
- pw.println("RET R0");
+ pw.println("RET R-1");
 /*pw.print("RET R0");
diff --git a/src/machine-vuln3.c b/src/machine-vuln3.c
index c2da3d6c9743e2ba57d5589a4ae6c433abb9aa6a..cdad31ece6b49af8a8ab3bc4f3f205d7cc53d4dc 100644
--- a/src/machine-vuln3.c
+++ b/src/machine-vuln3.c
@@ -40,7 +40,7 @@ const char INSTRUCTION_JZ[] = "jz";
 #define NUM_REGS 32
 #define MAX_REG (NUM_REGS-1)
 #define MEMORY_SIZE 65536 /* 4 x as much memory as a 64 */
-#define MAX_ADDR (MEMORY_SIZE)
+#define MAX_ADDR (MEMORY_SIZE-1)
 /* we force building with -fwrapv to ensure that signed overflow is defined
@@ -126,7 +126,7 @@ static void do_move(unsigned int rd, int32_t val){
 regs[rd] = val;
 }
-#define valid_reg(reg) (reg >= 0 && reg <= MAX_REG)
+#define valid_reg(reg) (reg <= MAX_REG)
 /* returns 0 on success, nonzero on failure. puts register number into
diff --git a/src/pocs/poc3.s b/src/pocs/poc3.s
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..29f75bd4b674892ac28200902d10eabb9754721d 100644
--- a/src/pocs/poc3.s
+++ b/src/pocs/poc3.s
@@ -0,0 +1,3 @@
+ pw.println("MOV R1 1");
+ pw.println("LDR R0 R1 65535");
+ pw.println("RET R0");
\ No newline at end of file
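Review bot: The new `pw.println("RET R-1");` leaves the fuzzer emitting a single fixed instruction, and whether `R-1` reaches the VM's register check as -1 or as a wrapped unsigned value depends on how the C parser converts the digits, which is not visible here; a run that does not crash therefore says little about the check on its own, and the result needs to be read together with the parser's conversion. Record the intent on the line so the next reader knows what it probes: `pw.println("RET R-1"); // probe a negative register index against valid_reg`. The three removed lines reappear verbatim in src/pocs/poc3.s in this commit, so the commented-out `pw.println` blocks around this line are now the only trace of earlier probes and could be dropped rather than accumulated. The enclosing method begins and ends outside the hunk.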
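Review bot: `MAX_ADDR (MEMORY_SIZE-1)` only closes the off-by-one if every load and store compares the effective address with `<= MAX_ADDR` (or `< MEMORY_SIZE`); the bounds checks themselves are outside this hunk, so confirm none still uses `< MAX_ADDR`, which would now reject the last valid cell, and that the comparison is made on the base-plus-offset result rather than on the operands before the addition. The comment that follows the macro says the build uses `-fwrapv`, so a signed `base + offset` can wrap negative; if the address variable is signed, `addr <= MAX_ADDR` alone still admits negative indexes and needs a lower bound or an unsigned compare beside it. Document the contract on the macro so the relationship is not lost: `#define MAX_ADDR (MEMORY_SIZE-1) /* highest valid address; bounds checks must use <= */`.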
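Review bot: Dropping `reg >= 0` turns `valid_reg` into a bounds check only when its argument is unsigned; `do_move` takes `unsigned int rd`, but the macro is untyped, and if the register parser that follows this hunk produces a signed `int` from text such as `R-1`, a negative value now passes and `regs[reg]` indexes before the array. If the file's "vuln3" name means this is the intended defect, say so next to the macro so it is not mistaken for a cleanup of the always-true-comparison warning; otherwise make the check type-independent, `#define valid_reg(reg) ((unsigned int)(reg) <= MAX_REG)`. In either case the argument should be parenthesised, `((reg) <= MAX_REG)`, so an expression argument is not split by operator precedence.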
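Review bot: The three added lines are Java `pw.println(...)` statements copied from the fuzzer rather than the VM's assembly, so this file cannot be fed to the machine as a proof of concept as written; it should contain the bare instructions `MOV R1 1`, `LDR R0 R1 65535` and `RET R0`. The diff also flags a missing trailing newline; if the loader reads line by line and expects a terminator, the final `RET R0` may be dropped or mis-parsed, so end the file with a newline. With R1 = 1 the load presumably targets address 1 + 65535 = 65536, which equals MEMORY_SIZE and is exactly the cell the `MAX_ADDR` change in this commit stops admitting, so a one-line comment stating that is the case being reproduced would help, if the assembler has a comment syntax.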