1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
#include <stdlib.h>
#include <unistd.h>
#include <sys/syscall.h>
int main(void)
{
// uninitialised, but we know pi[0] is 0x0
int* pi = malloc(sizeof(int));
// uninitialised, but we know pc[0] points to 0x0
char** pc = malloc(sizeof(char*));
// Five errors:
// - the syscall number itself is undefined (but we know it's
// 0 + __NR_write :)
// - each of the scalar args are undefined
// - the 2nd arg points to unaddressable memory.
syscall(pi[0]+__NR_write, pi[0], pc[0], pi[0]+1);
return 0;
}
|
