mac
Arbitrary write issue
I audited the source code for this project. I found that the index used to access memory is not limited in some ops. For instance, below is an example.
```c
case GPT: {
    registers[instructions[IP + 1]] = stack[SP];
    printf("value:%d\n id:%d\n", instructions[IP + 1], IP);
    IP = IP + 1;
    break;
}
```
I can control instructions[IP+1] to point at an arbitrary position, which can exceed the registers. I have attached my PoC.
arbitraryWrite_poc.mac.zip
```
[mac]% ./mac arbitraryWrite_poc.mac
[1] 34264 segmentation fault ./mac arbitraryWrite_poc.mac
```
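A bounds-checked form of the `GPT` handler reported above, as an added example that is not the project's code or the reporter's. The `struct vm` layout, `NUM_REGISTERS`, `STACK_SIZE`, the status codes and the name `exec_gpt_checked` are assumptions, since the issue does not show the project's declarations.

```c
#include <stddef.h>

/* Assumed sizes: the issue does not show how registers and stack are declared. */
#define NUM_REGISTERS 8
#define STACK_SIZE 256

enum vm_status { VM_OK = 0, VM_ERR_TRUNCATED, VM_ERR_BAD_REGISTER, VM_ERR_BAD_STACK };

/* Hypothetical VM state gathering the variables the handler touches. */
struct vm {
    int registers[NUM_REGISTERS];
    int stack[STACK_SIZE];
    int sp;                   /* index of the top of stack, -1 when empty */
    size_t ip;                /* index of the current opcode */
    const int *instructions;  /* program loaded from the untrusted input file */
    size_t program_len;       /* number of ints in instructions */
};

/* Bounds-checked equivalent of: registers[instructions[IP + 1]] = stack[SP]; */
enum vm_status exec_gpt_checked(struct vm *vm)
{
    /* The operand slot must exist, or reading IP + 1 runs past the program. */
    if (vm->ip >= vm->program_len || vm->program_len - vm->ip < 2)
        return VM_ERR_TRUNCATED;

    int operand = vm->instructions[vm->ip + 1];

    /* The operand comes from the program file; a signed index needs both bounds. */
    if (operand < 0 || operand >= NUM_REGISTERS)
        return VM_ERR_BAD_REGISTER;

    /* The read side of the copy needs its own check. */
    if (vm->sp < 0 || vm->sp >= STACK_SIZE)
        return VM_ERR_BAD_STACK;

    vm->registers[operand] = vm->stack[vm->sp];
    vm->ip += 1;  /* same advance as the handler quoted in the issue */
    return VM_OK;
}
```

The same three checks apply to any other opcode that uses an instruction operand or `SP` as an array index.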