1 #include <stdlib.h>
2 #include <unistd.h>
3 #include <sys/syscall.h>
4
int main(void)
{
   // Fixture that feeds deliberately undefined values to a raw syscall; the
   // comments read like a regression case for an uninitialised-value
   // checker, so the "errors" below are the intended behaviour, not bugs.
   //
   // Never written after allocation, so the stored int is undefined. The
   // test relies on it reading back as 0 from a fresh block; C does not
   // guarantee the contents of malloc'd memory.
   // NOTE(review): neither malloc result is checked for NULL - presumably
   // acceptable for a fixture this small.
   int *undef_int = malloc(sizeof *undef_int);

   // Also never written: the stored pointer is undefined and is expected to
   // read back as a null pointer.
   char **undef_ptr = malloc(sizeof *undef_ptr);

   // One call, five expected complaints:
   // - the syscall number is undefined (its value is 0 + __NR_write);
   // - each of the three scalar arguments is undefined;
   // - the second argument, the buffer, points to unaddressable memory.
   syscall(undef_int[0] + __NR_write, undef_int[0], undef_ptr[0], undef_int[0] + 1);

   // The syscall result is intentionally ignored, and both blocks are left
   // allocated at exit.
   return 0;
}