[22673] in bugtraq


Re: Problems in Forte Developer 6 dbx and install docs

daemon@ATHENA.MIT.EDU (Casper Dik)
Tue Sep 18 10:59:02 2001

Message-Id: <200109181046.MAA26478@romulus.Holland.Sun.COM>
To: Scott Schwartz <schwartz@bio.cse.psu.edu>
Cc: bugtraq@securityfocus.com
In-reply-to: Your message of "Mon, 17 Sep 2001 14:05:23 EDT."
             <20010917180523.8989.qmail@f.bio.cse.psu.edu> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 18 Sep 2001 12:46:11 +0200
From: Casper Dik <Casper.Dik@Sun.COM>


>Sun's compilers for sparc come with a very nice feature: the debugger
>can instrument an a.out and check for some classes of errors at runtime.
>There's also a very nice batch interface to this: "bcheck -all a.out".
>
>Unfortunately this mechanism doesn't work properly in any version of
>Forte Developer 6 to date: it fails to detect many obvious buffer out
>of bounds array references.  This is Sun bugID 4460648, which I'm told
>is marked as "Completed Closed" and "Not Fixed".

It's not marked any of that; it's in Open/accepted state.

>While this isn't a security problem per se, given that many people rely
>on this (and similar) tools to test their software for a popular class
>of security related bugs, it is a notable defect.
>
>/* Compile me, then run "bcheck -all a.out".
>   Half the bugs will be missed.  */
>#include <stdlib.h>
>int main() {
>   char *a = malloc(10);
>   a[11]=9;   /*hit*/
>   a[20]=9;   /*miss*/
>   a[7190]=9; /*miss*/
>   a[8190]=9; /*hit*/
>   exit(0);
>}

Notice that when you leave out the first assignment, the debugger
will trigger on the second one, so perhaps it has some sort of
minimum granularity for warnings.

Strangely, it warns for both if you swap them.

It never warns for a[7190]=9 which is curious.

(And yes, xhost + should be stomped on)

Casper
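
Added example, not part of the original message and not Sun's RTC code: a byte-granular shadow map over a private arena, replaying the four stores from the quoted test program to show the baseline a checker's output can be compared against (all four flagged). The arena size and every name in it are assumptions made for the illustration; it does not model how dbx decides what to report.

```c
/* Added illustration: byte-granular shadow map over a private arena.
   All names are hypothetical; this is not how dbx/bcheck is implemented. */
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 16384
static unsigned char arena[ARENA_SIZE];   /* backing store for allocations */
static unsigned char shadow[ARENA_SIZE];  /* 1 = byte belongs to a live block */
static size_t arena_top;

/* Bump allocator that marks exactly the requested bytes as addressable. */
static char *tracked_alloc(size_t n)
{
    if (n > ARENA_SIZE - arena_top)
        return NULL;
    char *p = (char *)&arena[arena_top];
    memset(&shadow[arena_top], 1, n);
    arena_top += n;
    return p;
}

/* Checked store: writes and returns 1 if the byte is addressable,
   otherwise reports it, skips the write and returns 0. */
static int checked_store(char *base, size_t idx, char val)
{
    size_t off = (size_t)(base - (char *)arena) + idx;
    if (off >= ARENA_SIZE || !shadow[off]) {
        printf("write at index %zu is outside any live block\n", idx);
        return 0;
    }
    arena[off] = (unsigned char)val;
    return 1;
}

/* Replays the stores from the quoted test case; returns how many were flagged. */
int count_flagged(void)
{
    static const size_t idx[] = { 11, 20, 7190, 8190 };
    int flagged = 0;
    memset(shadow, 0, sizeof shadow);
    arena_top = 0;
    char *a = tracked_alloc(10);
    if (a == NULL) return -1;
    for (size_t i = 0; i < sizeof idx / sizeof idx[0]; i++)
        flagged += !checked_store(a, idx[i], 9);
    return flagged;
}

int main(void) { return count_flagged() == 4 ? 0 : 1; }
```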

