8000 DivZero Issue · Issue #21 · felixangell/mac · GitHub
DivZero Issue #21
Open
Description

@MinghaoLin2000

I audited the source code for this project and found that DIV does not check for a zero divisor. For instance, below is an example:

```c
case DIV: {
    registers[A] = stack[SP];
    SP = SP - 1;

    registers[B] = stack[SP];
    /* SP = SP - 1;*/
    printf("registera:%d\n",registers[A]);
    registers[C] = registers[B] / registers[A];

    /* SP = SP + 1; */
    stack[SP] = registers[C];
    printf("%d / %d = %d\n", registers[B], registers[A], registers[C]);
    break;
}
```

I can control registers[A] and set it to zero, which causes the division-by-zero issue:

```
[mac]% ./mac DIVZero_poc.mac
[1] 34092 floating point exception ./mac DIVZero_poc.mac
```

I have attached my PoC.
DIVZero_poc.mac.zip
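The following is an added example, not code from the mac project or from the issue reporter. It reproduces the shape of the quoted DIV case in a constructed mini-VM (a PSH/DIV/HLT subset with a stack and registers A, B, C; the opcode names, `vm_t`, `run` and `divide_program` are all assumptions made here) and places the unchecked handler beside a hardened one that traps a zero divisor, the `INT_MIN / -1` overflow case, and stack underflow before the division executes, so a crafted program yields a VM fault instead of a SIGFPE.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed mini-VM (hypothetical, not the project's own code): just enough
 * to drive a DIV opcode the way the quoted handler does. */
enum { PSH, DIV, HLT };

typedef struct {
    int stack[64];
    int sp;          /* index of top of stack, -1 when empty */
    int a, b, c;     /* registers A, B, C as used in the quoted DIV case */
    bool faulted;    /* set by the hardened DIV instead of crashing */
} vm_t;

/* Behaviour from the issue: pop divisor into A, read dividend into B,
 * divide with no check. A zero in A raises SIGFPE on x86. */
static void div_unchecked(vm_t *vm) {
    vm->a = vm->stack[vm->sp--];
    vm->b = vm->stack[vm->sp];
    vm->c = vm->b / vm->a;
    vm->stack[vm->sp] = vm->c;
}

/* Hardened: validate operands before touching SP or dividing.
 * Returns false and marks the VM faulted on zero divisor, signed overflow,
 * or a stack with fewer than two operands. */
static bool div_checked(vm_t *vm) {
    if (vm->sp < 1) { vm->faulted = true; return false; }
    int divisor  = vm->stack[vm->sp];
    int dividend = vm->stack[vm->sp - 1];
    if (divisor == 0 || (dividend == INT_MIN && divisor == -1)) {
        vm->faulted = true;
        return false;
    }
    vm->a = divisor;
    vm->b = dividend;
    vm->sp--;
    vm->c = vm->b / vm->a;
    vm->stack[vm->sp] = vm->c;   /* quotient replaces the dividend slot */
    return true;
}

/* Execute a program. Returns 0 on HLT (top of stack in *result),
 * -1 on a trapped fault or malformed program. */
static int run(const int *prog, size_t len, bool hardened, int *result) {
    vm_t vm = { .sp = -1 };
    for (size_t ip = 0; ip < len; ip++) {
        switch (prog[ip]) {
        case PSH:
            if (vm.sp >= 63 || ip + 1 >= len) return -1;
            vm.stack[++vm.sp] = prog[++ip];
            break;
        case DIV:
            if (hardened) { if (!div_checked(&vm)) return -1; }
            else div_unchecked(&vm);   /* may SIGFPE, as in the issue */
            break;
        case HLT:
            *result = vm.sp >= 0 ? vm.stack[vm.sp] : 0;
            return 0;
        default:
            return -1;
        }
    }
    return -1;
}

/* Build the two-operand program "PSH dividend; PSH divisor; DIV; HLT" and run it. */
static int divide_program(int dividend, int divisor, bool hardened, int *out) {
    const int prog[] = { PSH, dividend, PSH, divisor, DIV, HLT };
    return run(prog, sizeof prog / sizeof prog[0], hardened, out);
}

int main(void) {
    int r = 0;
    printf("10 / 2  hardened -> rc=%d result=%d\n", divide_program(10, 2, true, &r), r);
    printf("10 / 0  hardened -> rc=%d (trapped, no SIGFPE)\n", divide_program(10, 0, true, &r));
    printf("INT_MIN / -1 hardened -> rc=%d (overflow trapped)\n",
           divide_program(INT_MIN, -1, true, &r));
    /* divide_program(10, 0, false, &r) reproduces the crash reported above. */
    return 0;
}
```

The check must run before `SP` is decremented so that a rejected DIV leaves the stack unchanged; the overflow case matters because `INT_MIN / -1` is undefined behaviour in C and also traps on x86, so a divisor check alone does not close the crash.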
