Last Resort presents an unusual pwn challenge: instead of exploiting a memory corruption vulnerability, the goal is to find inputs that cause a sorting algorithm to produce incorrect results. The binary implements a comparison-based sort with a configurable recursion limit. The vulnerability is the classic integer comparison bug -- using a - b as a comparator -- which breaks the strict weak ordering contract when values near INT_MIN and INT_MAX are subtracted. The solve uses targeted fuzzing with boundary values to efficiently discover triggering inputs.

The sorting algorithm uses a comparator function of the form:

int compare(int a, int b) {
    return a - b;
}

This is a well-known antipattern in C. When a and b have values near the extremes of the 32-bit signed integer range, a - b overflows:

INT_MAX - (-1) = 0x7FFFFFFF - 0xFFFFFFFF = 0x80000000 = INT_MIN (negative!)

The comparator claims INT_MAX < -1, which is obviously false. This violates the strict weak ordering invariant required by comparison-based sorting algorithms. When the comparator lies about the ordering of elements, the sort can: