From 0ea725efdbe3a9e7f6117da4e4131c9b103a2310 Mon Sep 17 00:00:00 2001
From: ryuzakighost <ryuzakighost@gmail.com>
Date: Sat, 13 Oct 2018 15:06:32 +1100
Subject: [PATCH] tweak

---
 fuzzer/Fuzzer.java  | 4 +---
 src/machine-vuln3.c | 4 ++--
 src/pocs/poc3.s     | 3 +++
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/fuzzer/Fuzzer.java b/fuzzer/Fuzzer.java
index 6b6f3fb..85ffea5 100644
--- a/fuzzer/Fuzzer.java
+++ b/fuzzer/Fuzzer.java
@@ -30,9 +30,7 @@ public class Fuzzer {
             /*pw.println("MOV R1 65535");
             pw.println("LDR R0 R1 0");*/
             
-            pw.println("MOV R1 1");
-            pw.println("LDR R0 R1 65535");
-            pw.println("RET R0");
+            pw.println("RET R-1");
            
            
             /*pw.print("RET R0");
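Review bot: The new `pw.println("RET R-1");` sits between two commented-out alternatives (the `MOV R1 65535`/`LDR` block above and the `pw.print("RET R0")` block below), so the method now reads as a scratch pad rather than a test generator; delete the dead blocks, or keep each probe program as its own file under src/pocs and have the generator emit whichever one is selected. Whether `R-1` is accepted as a register operand depends on the machine's operand parser, which is not in this diff, so the program may be rejected at parse time rather than reaching the register range check. The enclosing method starts and ends outside the hunk.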
diff --git a/src/machine-vuln3.c b/src/machine-vuln3.c
index c2da3d6..cdad31e 100644
--- a/src/machine-vuln3.c
+++ b/src/machine-vuln3.c
@@ -40,7 +40,7 @@ const char INSTRUCTION_JZ[] = "jz";
 #define NUM_REGS       32
 #define MAX_REG        (NUM_REGS-1)
 #define MEMORY_SIZE    65536              /* 4 x as much memory as a 64 */
-#define MAX_ADDR       (MEMORY_SIZE)
+#define MAX_ADDR       (MEMORY_SIZE-1)
 
 
 /* we force building with -fwrapv to ensure that signed overflow is defined
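Review bot: `MAX_ADDR` changes meaning from an exclusive bound (`MEMORY_SIZE`) to the highest valid index (`MEMORY_SIZE-1`), so any bounds check elsewhere in the file written as `addr < MAX_ADDR` now rejects the last memory cell, while only a check written as `addr <= MAX_ADDR` matches the new value; the uses are outside the hunk and should be audited together with this change. A comment on the define would stop the same drift next time: `#define MAX_ADDR       (MEMORY_SIZE-1)   /* inclusive: highest valid address */`.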
@@ -126,7 +126,7 @@ static void do_move(unsigned int rd, int32_t val){
   regs[rd] = val;
 }
 
-#define valid_reg(reg) (reg >= 0 && reg <= MAX_REG)
+#define valid_reg(reg) (reg <= MAX_REG)
 
 
 /* returns 0 on success, nonzero on failure. puts register number into
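Review bot: Dropping `reg >= 0` from `valid_reg` removes the only lower-bound check, so whenever the macro argument is a signed expression a negative register number passes and indexes `regs[]` before its first element; `do_move` takes `unsigned int rd`, but the macro is applied to whatever the instruction parser produced, which is not visible here. If the goal was to silence a "comparison is always true" warning on unsigned operands, cast inside the macro so the check stays meaningful for signed callers: `#define valid_reg(reg) ((unsigned int)(reg) <= MAX_REG)`; the parentheses around the argument also guard against precedence surprises when a compound expression is passed.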
diff --git a/src/pocs/poc3.s b/src/pocs/poc3.s
index e69de29..29f75bd 100644
--- a/src/pocs/poc3.s
+++ b/src/pocs/poc3.s
@@ -0,0 +1,3 @@
+ pw.println("MOV R1 1");
+ pw.println("LDR R0 R1 65535");
+ pw.println("RET R0");
\ No newline at end of file
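Review bot: The three lines added to `src/pocs/poc3.s` are the Java `pw.println("...")` statements removed from Fuzzer.java, not the assembler text the machine loads, so the file will not parse as a program; it should hold the bare instructions `MOV R1 1`, `LDR R0 R1 65535` and `RET R0`. The file also has no trailing newline, which a line-oriented loader may treat as a truncated last line, and a one-line header comment naming what the file exercises (a load at the previous `MAX_ADDR` boundary) would help a reader.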
-- 
GitLab