Yabasic crash
Posted: Fri Dec 03, 2004 12:27 pm
When entering aaaaaaaaaaaa....=0 in Yabasic, but with 40,000 a's (you can use copy/paste to create such a long string very fast), then on start the interpreter crashes (not with 20,000; I haven't checked the exact limit).
I discovered this bug while trying to find another bug: in the source code of Yabasic (http://www.yabasic.de/ , see Download) there is a function "strip" in main.c which can cause a buffer overflow (strcpy on a 300 byte buffer) with long identifiers, but it looks like it doesn't occur. The other crash looks like some 32,768 limit in the parser part of Yabasic (perhaps the Flex/Bison sources), because the program is not executed.
Perhaps Yabasic crashes because a return pointer on the stack is overwritten. Is it possible to write a Basic program which contains machine code that will be executed on this bug?
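The post describes the classic defect pattern behind the second crash it mentions: an identifier of arbitrary length is copied with strcpy() into a fixed 300-byte buffer. The following is an added example, not Yabasic's own code and not the real "strip" function from main.c: strip_unsafe() models that pattern with a hypothetical signature, and strip_safe() shows the bounded replacement that checks the length (including the NUL terminator) and reports an over-long identifier instead of overrunning the buffer. make_ident() builds the constructed 40,000-character name from the post so the check can be exercised offline.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_BUF 300   /* size of the fixed buffer mentioned in the post */

/* Hypothetical model of the defect: dst is assumed by the caller to be a
 * NAME_BUF-byte array, but strcpy() copies strlen(name)+1 bytes no matter
 * what, so any name of NAME_BUF bytes or more writes past the end of dst.
 * Only ever called with short input here; longer input is undefined
 * behaviour, which is exactly the bug. */
static void strip_unsafe(const char *name, char *dst)
{
    strcpy(dst, name);          /* no bound on the copy */
}

/* Hardened replacement: the copy is bounded by the destination size and an
 * over-long identifier is rejected explicitly (return -1) rather than being
 * silently truncated, so the interpreter can report "identifier too long".
 * Returns 0 on success. */
static int strip_safe(const char *name, char *dst, size_t dstsz)
{
    size_t n = strlen(name);
    if (n >= dstsz)             /* n + 1 bytes are needed for the NUL */
        return -1;
    memcpy(dst, name, n + 1);   /* copy exactly n chars plus terminator */
    return 0;
}

/* Build a constructed identifier of `len` 'a' characters, like the
 * 40,000-character name from the post. Caller frees the result. */
static char *make_ident(size_t len)
{
    char *s = malloc(len + 1);
    if (s == NULL)
        return NULL;
    memset(s, 'a', len);
    s[len] = '\0';
    return s;
}

int main(void)
{
    char out[NAME_BUF];
    char *longname = make_ident(40000);
    if (longname == NULL)
        return 1;

    if (strip_safe(longname, out, sizeof out) != 0)
        printf("identifier of %zu bytes rejected (limit is %d)\n",
               strlen(longname), NAME_BUF - 1);

    if (strip_safe("counter", out, sizeof out) == 0)
        printf("short identifier copied: %s\n", out);

    free(longname);
    return 0;
}
```

The boundary worth checking is 299 versus 300 characters: a 299-character name plus its terminator exactly fills the buffer and is accepted, while 300 characters would need 301 bytes and is rejected. That off-by-one is where bounded copies are most often still wrong.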