Commit 8be782ee authored by ryuzakighost's avatar ryuzakighost

vuln attmept 2

parent fef4659f
...@@ -21,10 +21,8 @@ public class Fuzzer { ...@@ -21,10 +21,8 @@ public class Fuzzer {
/* We just print one instruction. /* We just print one instruction.
Hint: you might want to make use of the instruction Hint: you might want to make use of the instruction
grammar which is effectively encoded in Instruction.java */ grammar which is effectively encoded in Instruction.java */
pw.println("MOV R1 1"); pw.println("MOV R0 65535");
pw.println("MOV R2 0"); pw.println("LDR R2 R0 0");
pw.println("DIV R0 R1 R2");
pw.println("ADD R2 R0 R1");
pw.println("RET R2"); pw.println("RET R2");
}catch (Exception e){ }catch (Exception e){
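Review bot: The constant 65535 in `pw.println("MOV R0 65535");` is an unexplained magic number that presumably targets the top of the machine's memory; name it and say what it is meant to exercise, e.g. `// highest address the VM accepts — keep in sync with MEMORY_SIZE in the C machine` above the line (hedged, since MEMORY_SIZE's value is not visible here). The fuzzer still prints a single fixed program, while the hint comment kept in the hunk asks for generation from the instruction grammar; a loop that draws the LDR address and register numbers from a seeded java.util.Random would cover the boundary and its neighbours rather than one point. The enclosing try block starts outside the hunk.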
...@@ -55,7 +55,8 @@ unsigned int count = 0; /* counts number of instructions executed so far */ ...@@ -55,7 +55,8 @@ unsigned int count = 0; /* counts number of instructions executed so far */
static void machine_init(void){ static void machine_init(void){
memory = malloc(sizeof(int32_t)*MEMORY_SIZE); /*Change doesn't clean all of memory, doing a read on the last memory loc vuln*/
memory = malloc(sizeof(int32_t)*(MEMORY_SIZE-1));
regs = malloc(sizeof(int32_t)*NUM_REGS); regs = malloc(sizeof(int32_t)*NUM_REGS);
/* memset can be vulnerable - changes to this can result in dirty memory to be read*/ /* memset can be vulnerable - changes to this can result in dirty memory to be read*/
...@@ -86,12 +87,15 @@ static void do_mult(unsigned int dest, unsigned int src1, unsigned int src2) ...@@ -86,12 +87,15 @@ static void do_mult(unsigned int dest, unsigned int src1, unsigned int src2)
} }
/* returns 0 on success, nonzero on failure */ /* returns 0 on success, nonzero on failure */
/*CHANGE - Divide by Zero now possible*/
static int do_div(unsigned int dest, unsigned int src1, unsigned int src2) static int do_div(unsigned int dest, unsigned int src1, unsigned int src2)
{ {
if (regs[src2] == 0){
return -1;
}else{
regs[dest] = regs[src1] / regs[src2]; regs[dest] = regs[src1] / regs[src2];
return 0; return 0;
} }
}
/* returns 0 on success, nonzero on failure */ /* returns 0 on success, nonzero on failure */
static int do_load(unsigned int dest, unsigned int src, int32_t offs){ static int do_load(unsigned int dest, unsigned int src, int32_t offs){
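Review bot: `memory = malloc(sizeof(int32_t)*(MEMORY_SIZE-1));` allocates one element fewer than MEMORY_SIZE, so any load or store at index MEMORY_SIZE-1 goes past the end of the heap block — and if the memset the following comment refers to still clears MEMORY_SIZE elements, it now writes past the block as well, which is worth confirming since that code is outside the hunk. The comment above the line describes the fault as memory "not cleaned", which is inaccurate: it is an undersized buffer, not missing initialization, so either say so (`/* INTENTIONAL: allocates MEMORY_SIZE-1 elements; index MEMORY_SIZE-1 is out of bounds */`) or restore `sizeof(int32_t)*MEMORY_SIZE`. The allocation result is also unchecked, so a failed malloc becomes a NULL dereference on the first memory access; add `if (!memory) { /* report and abort */ }` after it. In the do_div hunk the new guard rejects only a zero divisor; if regs holds int32_t as the allocation suggests, `regs[src1] / regs[src2]` still overflows for INT32_MIN / -1, so extend the check to `if (regs[src2] == 0 || (regs[src1] == INT32_MIN && regs[src2] == -1)) return -1;`. machine_init's body continues past the first hunk.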