Some kinds of integer abuse (bugs and vulnerabilities) that can be found in programs.
Revision | f4d41c5e81536839d3edddb6afeb2a537fbb3e1e (tree) |
---|---|
Time | 2020-11-13 21:34:31 |
Author | Joel Matthew Rees <joel.rees@gmai...> |
Commiter | Joel Matthew Rees |
solved the semicolong in the parameter list problem
@@ -21,21 +21,26 @@ typedef short * shortptr_t; | ||
21 | 21 | typedef long * longptr_t; |
22 | 22 | |
23 | 23 | |
24 | -#define writeMSB1st( type, val, ptr ) \ | |
25 | -void write##type##MSB1st( type val; type##ptr_t ptr ) \ | |
24 | +/* Macros hide the meaning. Maybe C++ would work better for this. | |
25 | +** Maybe I'm trying too hard. | |
26 | +*/ | |
27 | + | |
28 | + | |
29 | +#define writeMSB1st( type ) \ | |
30 | +void write##type##MSB1st( type value, type##ptr_t memptr ) \ | |
26 | 31 | { \ |
27 | - byteptr_t bytes = ( (byteptr_t) ptr ) + sizeof val; \ | |
32 | + byteptr_t bytes = ( (byteptr_t) memptr ) + sizeof value; \ | |
28 | 33 | for ( ;; ) \ |
29 | 34 | { \ |
30 | - * --bytes = (byte_t) ( val & UCHAR_MAX ); \ | |
31 | - if ( bytes <= (byteptr_t) ptr ) break; \ | |
32 | - val >>= CHAR_BIT; \ | |
35 | + * --bytes = (byte_t) ( value & UCHAR_MAX ); \ | |
36 | + if ( bytes <= (byteptr_t) memptr ) break; \ | |
37 | + value >>= CHAR_BIT; \ | |
33 | 38 | } \ |
34 | 39 | } |
35 | 40 | |
36 | 41 | |
37 | 42 | #define writeLSB1st( type ) \ |
38 | -void write##type##LSB1st( type value; type##ptr_t memptr ) \ | |
43 | +void write##type##LSB1st( type value, type##ptr_t memptr ) \ | |
39 | 44 | { \ |
40 | 45 | byteptr_t bytes = ( (byteptr_t) memptr ); \ |
41 | 46 | byteptr_t bound = bytes + sizeof value; \ |
@@ -48,32 +53,36 @@ void write##type##LSB1st( type value; type##ptr_t memptr ) \ | ||
48 | 53 | } |
49 | 54 | |
50 | 55 | |
51 | -long readlongMSB1st( longptr_t memptr ) | |
52 | -{ | |
53 | - long value = 0; | |
54 | - byteptr_t bytes = ( (byteptr_t) memptr ) + sizeof value; | |
55 | - while ( bytes >= (byteptr_t) memptr ) | |
56 | - { | |
57 | - value |= * --bytes; | |
58 | - value <<= CHAR_BIT; | |
59 | - } | |
56 | +#define readMSB1st( type ) \ | |
57 | +type read##type##MSB1st( type##ptr_t memptr ) \ | |
58 | +{ \ | |
59 | + type value = 0; \ | |
60 | + byteptr_t bytes = ( (byteptr_t) memptr ) + sizeof value; \ | |
61 | + while ( bytes >= (byteptr_t) memptr ) \ | |
62 | + { \ | |
63 | + value |= * --bytes; \ | |
64 | + value <<= CHAR_BIT; \ | |
65 | + } \ | |
66 | + return value; \ | |
60 | 67 | } |
61 | 68 | |
62 | 69 | |
63 | -long readlongLSB1st( longptr_t memptr ) | |
64 | -{ | |
65 | - long value = 0; | |
66 | - byteptr_t bytes = (byteptr_t) memptr; | |
67 | - byteptr_t bound = bytes + sizeof value; | |
68 | - while ( bytes < bound ) | |
69 | - { | |
70 | - value |= * bytes++; | |
71 | - value <<= CHAR_BIT; | |
72 | - } | |
70 | +#define readLSB1st( type ) \ | |
71 | +type read##type##LSB1st( type##ptr_t memptr ) \ | |
72 | +{ \ | |
73 | + type value = 0; \ | |
74 | + byteptr_t bytes = (byteptr_t) memptr; \ | |
75 | + byteptr_t bound = bytes + sizeof value; \ | |
76 | + while ( bytes < bound ) \ | |
77 | + { \ | |
78 | + value |= * bytes++; \ | |
79 | + value <<= CHAR_BIT; \ | |
80 | + } \ | |
81 | + return value; \ | |
73 | 82 | } |
74 | 83 | |
75 | 84 | |
76 | -writeMSB1st( long, value, memptr ) | |
85 | +writeMSB1st( long ) | |
77 | 86 | |
78 | 87 | writeMSB1st( short ) |
79 | 88 |
@@ -81,6 +90,13 @@ writeLSB1st( long ) | ||
81 | 90 | |
82 | 91 | writeLSB1st( short ) |
83 | 92 | |
93 | +readMSB1st( long ) | |
94 | + | |
95 | +readMSB1st( short ) | |
96 | + | |
97 | +readLSB1st( long ) | |
98 | + | |
99 | +readLSB1st( short ) | |
84 | 100 | |
85 | 101 | |
86 | 102 | int main( int argc, char *argv[] ) |
@@ -288,9 +304,12 @@ int main( int argc, char *argv[] ) | ||
288 | 304 | |
289 | 305 | printf( "To get the full effect of this,\n" |
290 | 306 | "be sure to compile and run on both least significant first\n" |
291 | - "and most significant first architectures.\n" | |
307 | + "and most significant first architectures.\n\n" | |
292 | 308 | "Ask yourself, \n" |
293 | - "on which architecture will you notice the effects more quickly?\n\n" ); | |
309 | + "on which architecture will you notice the evil effects more quickly,\n" | |
310 | + "so you will know it needs to be fixed?\n\n" | |
311 | + "But most people don't have access to MSB1st hardware any more,\n" | |
312 | + "so I'll simulate both below:\n\n" ); | |
294 | 313 | |
295 | 314 | |
296 | 315 | return EXIT_SUCCESS; |