#include <stdlib.h>
#include <unistd.h>
#include <sys/syscall.h>

// Deliberately faulty program: it feeds never-written heap memory into a raw
// syscall so that a memory-error checker has a known set of errors to report.
// NOTE(review): presumably a regression test for such a tool (the "Five
// errors" comment below reads as its expected report) -- confirm against the
// test harness. The defects are the point of the file; do not "fix" them.
int main(void)
{
    // uninitialised, but we know pi[0] is 0x0
    // NOTE(review): C does not guarantee this. malloc() returns indeterminate
    // bytes; the zero presumably comes from the allocator handing out fresh,
    // kernel-zeroed pages this early in the process -- confirm per platform.
    // The result is also not checked for NULL, so an allocation failure would
    // fault on pi[0] before the syscall is ever made.
    int* pi = malloc(sizeof(int));

    // uninitialised, but we know pc[0] points to 0x0
    // (same assumption as above: pc[0] is read without ever being written,
    // and is expected to hold a null pointer)
    char** pc = malloc(sizeof(char*));

    // Five errors:
    // - the syscall number itself is undefined (but we know it's
    //   0 + __NR_write :)
    // - each of the scalar args is undefined
    // - the 2nd arg points to unaddressable memory.
    //
    // Every argument is derived from the uninitialised reads above. Under the
    // zero assumption the call amounts to write(0, NULL, 1): descriptor pi[0],
    // buffer pc[0], length pi[0]+1. The return value is ignored on purpose;
    // only the checker's diagnostics matter here. Neither allocation is freed
    // before exit.
    syscall(pi[0]+__NR_write, pi[0], pc[0], pi[0]+1);

    return 0;
}