Open lucabtz opened 1 day ago
Wow! I never thought someone would end up finding this repository if I'm being honest haha. Thanks for the feedback, I'll make sure to fix these bugs.
People who can write exploits are really cool, I have to try it sometime. If you publish a blog post, I would enjoy reading it :)
Hello, I was looking through the code and I found multiple memory corruption bugs.

Buffer overflow in load_ROM

The file size is not checked before its contents are written using fread.
Out-of-bounds read and write in decode_instruction

In the function decode_instruction the decrement of the stack pointer for the return instruction and the increment of the stack pointer for the call instruction do not check if the stack will under/over-flow respectively. This can allow writing out-of-bounds of the chip.stack array.

Out-of-bounds QUIT
In the function main there is the following code
however in the definitions in main.h we have
and
so this read is always out-of-bounds there.
I took this as a CTF challenge to myself and tried to write an exploit for this; while I could achieve some interesting behaviours when PIE is disabled, I could not achieve full arbitrary code execution. I may publish this as a blog post because it was fairly fun.
Keep up the good work!
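A bounds-checked version of the two fixes the report asks for (a size check before fread in the ROM loader, and stack under/overflow checks on call and return), as an added example that is not the repository's own code: the Chip8 struct layout, the function names, the 16-entry stack and the 0x200 load address are assumptions, and the two scenario helpers build constructed inputs with tmpfile().

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define MEM_SIZE   4096
#define ROM_BASE   0x200                 /* CHIP-8 programs start here */
#define ROM_MAX    (MEM_SIZE - ROM_BASE) /* 3584 bytes of program space */
#define STACK_SIZE 16
typedef struct {                         /* hypothetical layout, not the repo's */
    uint8_t  memory[MEM_SIZE];
    uint16_t stack[STACK_SIZE];
    uint8_t  sp;
    uint16_t pc;
} Chip8;
/* Size-checked load_ROM: returns bytes copied, or -1 if the file would not fit. */
long load_rom_checked(Chip8 *chip, FILE *f) {
    if (fseek(f, 0, SEEK_END) != 0) return -1;
    long size = ftell(f);
    if (size < 0 || size > ROM_MAX) return -1;   /* refuse before fread runs */
    rewind(f);
    size_t n = fread(chip->memory + ROM_BASE, 1, (size_t)size, f);
    return (long)n == size ? size : -1;
}
/* 2NNN (call): push only while a free slot remains. */
bool op_call(Chip8 *chip, uint16_t nnn) {
    if (chip->sp >= STACK_SIZE) return false;   /* would overflow chip->stack */
    chip->stack[chip->sp++] = chip->pc;
    chip->pc = nnn;
    return true;
}
/* 00EE (return): pop only if something was pushed. */
bool op_ret(Chip8 *chip) {
    if (chip->sp == 0) return false;            /* would underflow chip->stack */
    chip->pc = chip->stack[--chip->sp];
    return true;
}
/* Constructed scenario: load a ROM of `size` filler bytes built with tmpfile(). */
long try_load(long size) {
    Chip8 chip = {0};
    FILE *f = tmpfile(); if (!f) return -2;
    for (long i = 0; i < size; i++) fputc(0xAA, f);
    long r = load_rom_checked(&chip, f);
    fclose(f);
    return r;
}
/* Constructed scenario: count how many of `attempts` nested calls succeed. */
int nested_calls(int attempts) {
    Chip8 chip = {0}; int ok = 0;
    for (int i = 0; i < attempts; i++) ok += op_call(&chip, 0x300);
    return ok;
}
/* Constructed scenario: a return on a fresh (empty) stack must be refused. */
bool ret_on_empty(void) { Chip8 chip = {0}; return op_ret(&chip); }
```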