git.stella-ops.org/bench/reachability-benchmark/cases/c/memcpy-overflow/src/main.c

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/**
 * Benchmark sink: copy `len` bytes from a 512-byte stack buffer into a
 * 128-byte stack buffer and return the first destination byte.
 *
 * NOTE(review): this function is deliberately unsafe. It is the vulnerable
 * sink of a reachability benchmark case, so the missing bounds check must
 * stay as it is for the fixture to keep its meaning. Do not copy this
 * pattern into production code.
 *
 * Memory-safety contract that is NOT enforced here:
 *   - len > sizeof(dest_buf) (128) writes past the destination (stack
 *     buffer overflow, CWE-121 / CWE-787).
 *   - len > sizeof(source_buf) (512) additionally reads past the source
 *     (CWE-125).
 * A hardened version would reject any len greater than the destination
 * size before calling memcpy().
 *
 * @param len  Number of bytes to copy; supplied by the caller unchecked.
 * @return     dest_buf[0] after the copy: 0 when len == 0, otherwise 'A'.
 */
static int process(size_t len)
{
    char source_buf[512];
    char dest_buf[128];

    /* Known contents: destination zeroed, source filled with 'A'. */
    memset(dest_buf, 0, sizeof(dest_buf));
    memset(source_buf, 'A', sizeof(source_buf));

    /* Attacker-controlled length; intentionally no bounds check (sink). */
    memcpy(dest_buf, source_buf, len);

    /* Reading a byte back keeps the optimizer from removing the copy. */
    int first_byte = dest_buf[0];
    return first_byte;
}
/**
 * Entry point of the benchmark case: parse a decimal length from argv[1]
 * and pass it to process().
 *
 * Validation performed: the argument must start with at least one digit
 * (after strtol's usual leading whitespace/sign handling) and must not be
 * negative.
 *
 * Validation deliberately absent (this is what makes the sink reachable
 * with an oversized length):
 *   - no upper bound on the parsed value;
 *   - trailing characters after the number are accepted, since only
 *     `end == argv[1]` is tested;
 *   - errno/ERANGE from strtol() is not checked.
 *
 * @return 1 on usage or parse error, 0 otherwise.
 */
int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <len>\n", argv[0]);
        return 1;
    }

    char *parse_end = NULL;
    const long requested = strtol(argv[1], &parse_end, 10);

    /* Reject input with no digits at all, and negative lengths. */
    const int no_digits = (parse_end == argv[1]);
    if (no_digits || requested < 0) {
        fprintf(stderr, "invalid length\n");
        return 1;
    }

    /* Untrusted, unbounded value flows straight into the copy length. */
    const int result = process((size_t)requested);
    printf("result=%d\n", result);
    return 0;
}