PICOC Null Pointer Dereference Denial of Service
PICOC suffers from a Denial of Service vulnerability caused by a NULL Pointer Dereference (CWE-476). Any project or library that embeds picoc inherits this issue; one example is picoc-js (https://www.npmjs.com/package/picoc-js). When the dereference is triggered, PICOC immediately segfaults.
Reproduction Steps
- Create a file to be executed by the PICOC interpreter:
$ touch vulncode
- Add the following code to the file:
printf("Before Crash\n");
**4%;
printf("This code won't execute because of the crash\n");
- Execute PICOC against the file:
$ ./picoc -s vulncode
- You will receive a segfault and the program will crash. This is the result of a null pointer dereference that the interpreter neither catches nor handles. The line of input that triggers the crash is:
**4%;
Solution
Adding if statements that verify a pointer is not NULL before it is used will solve this problem. More information is available here:
https://owasp.org/www-community/vulnerabilities/Null_Dereference
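The NULL-check pattern the solution above recommends, as an added illustration that is not picoc's own code: a hypothetical toy interpreter value type (`Value`, `deref_value`, `deref_n` are all invented here) models a unary `*` applied to an operand that may be missing, may be an integer rather than a pointer, or may point at NULL. Each of those cases is reported as a status code instead of being dereferenced, so the statement after the bad one still runs, which is the behaviour the crashing `**4%;` input should have produced.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical runtime value of a toy interpreter; a stand-in, not picoc's own struct. */
typedef struct Value {
    int is_pointer;             /* non-zero when pointee is meaningful */
    long integer;               /* payload when is_pointer == 0 */
    struct Value *pointee;      /* target when is_pointer != 0; may itself be NULL */
} Value;

/* Outcome of a dereference; the interpreter reports these instead of segfaulting. */
enum DerefStatus {
    DEREF_OK = 0,
    DEREF_MISSING_OPERAND = 1,  /* the parser produced no operand at all (operand == NULL) */
    DEREF_NOT_A_POINTER = 2,    /* operand is an integer, such as the 4 in "**4" */
    DEREF_NULL_TARGET = 3       /* operand is a pointer whose target is NULL */
};

/* Guarded unary '*': every pointer is checked before it is read.
 * Without these checks, reading through a NULL operand is exactly the
 * CWE-476 crash described in the advisory. */
enum DerefStatus deref_value(const Value *operand, const Value **result)
{
    if (operand == NULL)
        return DEREF_MISSING_OPERAND;
    if (!operand->is_pointer)
        return DEREF_NOT_A_POINTER;
    if (operand->pointee == NULL)
        return DEREF_NULL_TARGET;
    *result = operand->pointee;
    return DEREF_OK;
}

/* Applies '*' n times in a row, as "**" does, stopping at the first failure. */
enum DerefStatus deref_n(const Value *operand, int n, const Value **result)
{
    const Value *cur = operand;
    int i;
    for (i = 0; i < n; i++) {
        enum DerefStatus st = deref_value(cur, &cur);
        if (st != DEREF_OK)
            return st;
    }
    *result = cur;
    return DEREF_OK;
}

int main(void)
{
    /* Constructed sample values for the demonstration. */
    Value four = { 0, 4, NULL };
    Value ptr_to_four = { 1, 0, &four };
    Value ptr_to_ptr = { 1, 0, &ptr_to_four };
    Value dangling = { 1, 0, NULL };
    const Value *out = NULL;
    enum DerefStatus st;

    printf("Before Crash\n");

    /* Modelled loosely on "**4": the operand is an integer, not a pointer,
     * so the interpreter reports an error and moves on. */
    st = deref_n(&four, 2, &out);
    printf("**4        -> status %d\n", st);

    st = deref_n(&ptr_to_ptr, 2, &out);
    printf("**pp       -> status %d, value %ld\n", st, st == DEREF_OK ? out->integer : -1L);

    st = deref_n(&dangling, 1, &out);
    printf("*null      -> status %d\n", st);

    st = deref_n(NULL, 1, &out);
    printf("*(missing) -> status %d\n", st);

    printf("This line now executes instead of being lost to a segfault\n");
    return 0;
}
```

The three checks in `deref_value` are deliberately separate so that the error message an interpreter prints can say which of the three conditions failed; a single combined check would still stop the crash but would make the resulting diagnostic much less useful to the script author.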