galaris / avalanche

Automatically exported from code.google.com/p/avalanche

the tool doesn't track tainted data in static variables #7

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
=====================
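#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Static buffer that receives the file input. */
static char val[2];

int main(int argc, char** argv)
{
        int  fd1 = open(argv[1], O_RDONLY | O_CREAT, S_IRWXU | S_IRWXG);

        /* Two bytes of file input (tainted data) are read into the static buffer. */
        read(fd1, &val, 2);
        /* The branch depends on the first input byte; the value 10 (0x0A) reaches abort(). */
        if(val[0]==10)
                abort();

        return 0;
}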
=====================
Expected result: exploit_0_0:=0x0A00, but received nothing

Test environment:
Ubuntu 10.04 32 bit (2.6.32-33-generic i686 SMP) in VirtualBox OSE 4.0.4, 2 cores of i5-2500, 768 MB of RAM
Host OS: Ubuntu 11.04 64 bit (2.6.38-10-generic x86_64 SMP)
Compiler: gcc version 4.4.3

avalanche version: 0.4, 0.5

Original issue reported on code.google.com by xeioexception on 22 Aug 2011 at 10:35

GoogleCodeExporter commented 9 years ago

Original comment by m.k.erma...@gmail.com on 22 Aug 2011 at 2:06

GoogleCodeExporter commented 9 years ago
Fixed on development branch, revision 237

Original comment by m.k.erma...@gmail.com on 22 Aug 2011 at 2:29