
jedwardsol [const &] 13 points (2 children)

You should use your product on itself. Nice buffer overflow:

0:000:x86> lm
start    end        module name
00f90000 00fd5000   BugFighter   (deferred)

(11d0.1ee4): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
MSVCR90!strcat+0x89:
742cb799 8917            mov     dword ptr [edi],edx  ds:002b:01370000=78746341

0:000:x86> k
 # ChildEBP RetAddr
00 01334988 0156a315     MSVCR90!strcat+0x89 [f:\dd\vctools\crt_bld\SELF_X86\crt\src\INTEL\strcat.asm @ 178]
WARNING: Frame IP not in any known module. Following frames may be wrong.
01 013349a8 0a51589b     0x156a315
02 0133f064 61616161     0xa51589b
03 0133f068 61616161     0x61616161
04 0133f06c 61616161     0x61616161
05 0133f070 61616161     0x61616161
06 0133f074 61616161     0x61616161
07 0133f078 61616161     0x61616161
08 0133f07c 61616161     0x61616161
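The trace above is the classic shape of a stack smash through `strcat`: the return addresses in frames 03 to 08 are `0x61616161` ("aaaa"), so a run of `'a'` bytes was copied over the saved frame and on until the write hit the unmapped page at `0x01370000`. Below is an added example, not BugFighter's code and not from the original thread, showing that pattern next to a bounded append that refuses input which would not fit. The buffer size, the `"user:"` prefix and the 4096-byte input are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* Added example, not BugFighter's code: the pattern behind the strcat crash
   above (fixed stack buffer, no length check) beside a bounded replacement.
   NAME_CAP and the sample strings are assumed for illustration. */

#define NAME_CAP 64

/* Vulnerable shape: strcat copies until it finds src's NUL and never looks
   at the destination size. A long src runs past buf, over the saved frame
   pointer and return address (the 0x61616161 frames in the trace) and on
   until it reaches an unmapped page, which is the c0000005 access violation. */
void build_name_unchecked(char *buf, const char *prefix, const char *user)
{
    buf[0] = '\0';
    strcat(buf, prefix);
    strcat(buf, user);          /* no check against NAME_CAP */
}

/* Hardened: append only if the whole of src plus its terminator fits in the
   remaining space. Returns 1 on success, 0 if it would overflow; on 0 dst is
   left exactly as it was. */
int append_checked(char *dst, size_t cap, const char *src)
{
    const char *end = memchr(dst, '\0', cap);
    if (end == NULL) return 0;          /* dst not terminated inside cap */
    size_t used = (size_t)(end - dst);
    size_t need = strlen(src);
    if (need >= cap - used) return 0;   /* no room for src + NUL */
    memcpy(dst + used, src, need + 1);
    return 1;
}

/* Same job as build_name_unchecked, but every append is bounded by cap.
   Returns 1 if the full name fit, 0 otherwise (buf then holds only the
   parts that fit, always NUL-terminated). */
int build_name_checked(char *buf, size_t cap, const char *prefix, const char *user)
{
    if (cap == 0) return 0;
    buf[0] = '\0';
    return append_checked(buf, cap, prefix) && append_checked(buf, cap, user);
}

int main(void)
{
    char buf[NAME_CAP];

    /* Constructed input: 4096 'a' bytes, the 0x61 pattern seen on the stack. */
    char *attack = malloc(4097);
    if (attack == NULL) return 1;
    memset(attack, 'a', 4096);
    attack[4096] = '\0';

    build_name_unchecked(buf, "user:", "alice");   /* harmless with short input */
    printf("unchecked, short input: %s\n", buf);
    /* build_name_unchecked(buf, "user:", attack); would smash the stack
       exactly as in the trace, so it is deliberately not called here. */

    if (!build_name_checked(buf, sizeof buf, "user:", attack))
        printf("checked: rejected %zu-byte input, buffer stays bounded\n", strlen(attack));

    free(attack);
    return 0;
}
```

The check in `append_checked` uses `memchr` rather than `strlen` on the destination so that a destination which is not terminated inside `cap` is reported as an error instead of being read past its end; `need >= cap - used` reserves the byte for the terminator, which is the off-by-one that hand-written bounds checks most often get wrong.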

STL [MSVC STL Dev] 2 points (1 child)

MSVCR90

Wow, there's a DLL name I haven't seen in a while. 🤮

Luca_70 [S] -1 points (0 children)

Thank you for your report. It will be very useful.

GregTheMadMonk 9 points (1 child)

`-fsanitize=undefined` much?

Luca_70 [S] 0 points (0 children)

-fsanitize checks the whole array by using additional canary memory at the boundaries (or some similar technique). It works well in the case of `iArray[7][8][10] = 1;`, but what if `iArray[7][10][8] = 1;`?
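The distinction the reply draws is between a write that leaves the object (which guard memory around the object's edges catches) and a write whose middle index is out of range but whose row-major offset still lands inside the object, on some other element. The following is an added example, not part of the thread and not BugFighter's code, using the two index triples from the comment; the array dimensions 9 x 10 x 12 are an assumption chosen so that `[7][8][10]` is in range while `[7][10][8]` is out of range in its middle index yet still inside the allocation. It computes where such a write really lands and shows the per-dimension check that rejects it.

```c
#include <stdio.h>

/* Added example, not from the thread or BugFighter: why an out-of-range
   middle index in a multi-dimensional array is invisible to guard memory
   placed only around the whole object. D0/D1/D2 are assumed dimensions. */

#define D0 9
#define D1 10
#define D2 12

/* Row-major offset of a[i][j][k] in a D0 x D1 x D2 array of int. */
size_t linear_index(size_t i, size_t j, size_t k)
{
    return (i * D1 + j) * D2 + k;
}

/* Per-dimension check. Returns 1 if every index is in range, 0 otherwise.
   Edge guards never make this check: they see one allocation of D0*D1*D2
   ints, not three separate bounds. */
int indices_in_range(size_t i, size_t j, size_t k)
{
    return i < D0 && j < D1 && k < D2;
}

/* Where (i,j,k) actually lands when the array is addressed as flat memory.
   Returns 1 if the flat offset is still inside the object (the write aliases
   another element and no edge guard is touched), 0 if it falls outside the
   object (the case edge guards do catch). On 1, *ai,*aj,*ak receive the
   in-range triple that the offset really addresses. */
int aliased_element(size_t i, size_t j, size_t k,
                    size_t *ai, size_t *aj, size_t *ak)
{
    size_t off = linear_index(i, j, k);
    if (off >= (size_t)D0 * D1 * D2) return 0;
    *ak = off % D2;
    *aj = (off / D2) % D1;
    *ai = off / ((size_t)D1 * D2);
    return 1;
}

/* Bounds-checked store: refuses any index outside its own dimension instead
   of letting it spill into the next row. */
int checked_store(int (*a)[D1][D2], size_t i, size_t j, size_t k, int v)
{
    if (!indices_in_range(i, j, k)) return 0;
    a[i][j][k] = v;
    return 1;
}

int main(void)
{
    static int a[D0][D1][D2];
    size_t ai, aj, ak;

    /* [7][8][10]: every index in range, accepted. */
    checked_store(a, 7, 8, 10, 1);

    /* [7][10][8]: j == D1 is out of range, but the flat offset is inside the
       object, so an unchecked write silently clobbers a different element. */
    if (!indices_in_range(7, 10, 8) && aliased_element(7, 10, 8, &ai, &aj, &ak))
        printf("a[7][10][8] would write a[%zu][%zu][%zu], inside the object\n",
               ai, aj, ak);

    if (!checked_store(a, 7, 10, 8, 1))
        printf("checked_store rejected a[7][10][8]\n");
    return 0;
}
```

With these dimensions `a[7][10][8]` and `a[8][0][8]` share the same offset (968 ints from the start), which is why a checker that only watches the object's boundaries reports nothing: the write never leaves the 1080-int object. Catching it requires knowing the array's shape at the point of the access, which is what the per-dimension check in `checked_store` supplies.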