 | ||||||
| << Previous | INDEX | Search | src | Set bookmark | Go to bookmark | Next >> |
| ||||||
| |||||||||||||||||||||
Date: Mon, 17 Sep 2001 14:05:23 -0400
From: Scott Schwartz <schwartz@bio.cse.psu.edu>
To: bugtraq@securityfocus.com
Subject: Problems in Forte Developer 6 dbx and install docs
Sun's compilers for sparc come with a very nice feature: the debugger
can instrument an a.out and check for some classes of errors at runtime.
There's also a very nice batch interface to this: "bcheck -all a.out".
Unfortunately this mechanism doesn't work properly in any version of
Forte Developer 6 to date: it fails to detect many obvious buffer out
of bounds array references. This is Sun bugID 4460648, which I'm told
is marked as "Completed Closed" and "Not Fixed".
While this isn't a security problem per-se, given that many people rely
on this (and similar) tools to test their software for a popular class
of security related bugs, it is a notable defect.
/* Compile me, then run "bcheck -all a.out".
Half the bugs will be missed. */
#include <stdlib.h>
int main() {
char *a = malloc(10);
a[11]=9; /*hit*/
a[20]=9; /*miss*/
a[7190]=9; /*miss*/
a[8190]=9; /*hit*/
exit(0);
}
There's another bug in Forte 6.x, this one in the documentation, which
says to use "xhost + target-matchine" to install the software. That
advice represents the very antithesis of best current practice, and surely
needs to be changed. A RFE has been filed with the documentation group.
(The same bad advice appears in many of Sun's installation documents.)
| |||||||||||||||||||||
|
|