
#include <stdlib.h>
#include <unistd.h>
#include <sys/syscall.h>

/*
 * Issues one raw write syscall whose number and all three arguments are
 * computed from heap memory that was never initialised.
 *
 * NOTE(review): this looks like a regression fixture for a dynamic
 * memory-error checker (the "Five errors" comment below reads as the
 * expected report count); the file does not name the tool, so confirm.
 * The uninitialised reads are the point of the program. Do not "fix" them
 * by switching to calloc() or adding initialisers.
 *
 * Returns 0 unconditionally; the syscall's result is discarded.
 */
int main(void)
{
   // Never written before it is read. The code relies on pi[0] reading back
   // as 0; C gives no such guarantee for malloc() memory, so this is an
   // assumption about the allocator/environment the program runs in.
   // The malloc() result is not checked for NULL.
   int* pi  = malloc(sizeof(int));

   // Same pattern for a pointer-sized slot: pc[0] is read uninitialised and
   // is assumed to come back as a null pointer.
   char** pc  = malloc(sizeof(char*));
   
   // Five errors are expected from the call below:
   // - 1: the syscall number is derived from undefined data
   //      (pi[0] + __NR_write, i.e. __NR_write if pi[0] really is 0)
   // - 3: each scalar argument is undefined: the descriptor pi[0], the
   //      buffer pointer pc[0], and the length pi[0]+1
   // - 1: the 2nd argument (the buffer) points to unaddressable memory,
   //      given the assumption above that pc[0] is a null pointer
   // Outside a test like this, feeding uninitialised heap contents into a
   // syscall is a defect: the descriptor, buffer and length would all be
   // whatever the allocator happened to leave in the chunk.
   syscall(pi[0]+__NR_write, pi[0], pc[0], pi[0]+1);

   // pi and pc are not freed; the process exits immediately.
   return 0;
}