...
Noncompliant Code Example
This noncompliant code example assigns the address of the printf()
function to the log_fn
function pointer, which may be allocated on the stack or in the data segment.
```c
int (*log_fn)(const char *, ...) = printf;
/* ... */
log_fn("foo");
```
If a vulnerability exists in this program that allows an attacker to overwrite the log_fn
function pointer (such as a buffer overflow or arbitrary memory write), the attacker may be able to replace the stored address of printf
with the location of an arbitrary function.
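One way to blunt the overwrite described above is to keep only a masked form of the pointer in memory and unmask it just before the call. This is an added example, not code from the original page: ptr_cookie, cookie_init(), encode_fn() and decode_fn() are hypothetical names, the XOR mask is a stand-in rather than the C1X encode_pointer() behavior, and reading /dev/urandom assumes a POSIX system.

```c
#include <stdint.h>
#include <stdio.h>

typedef int (*log_fn_t)(const char *, ...);

/* Hypothetical per-process secret (not a C1X or OS API). */
static uintptr_t ptr_cookie;

/* Fill the cookie from the OS random source; returns 0 on success. */
static int cookie_init(void) {
    FILE *f = fopen("/dev/urandom", "rb");   /* assumes a POSIX system */
    if (f == NULL) return -1;
    size_t n = fread(&ptr_cookie, sizeof ptr_cookie, 1, f);
    fclose(f);
    return (n == 1 && ptr_cookie != 0) ? 0 : -1;
}

/* Stored form: address XOR cookie. Assumes a function pointer fits in
   uintptr_t, which holds on mainstream platforms but is not guaranteed
   by ISO C. */
static uintptr_t encode_fn(log_fn_t fn) {
    return (uintptr_t)fn ^ ptr_cookie;
}

/* Recover the callable pointer immediately before the call. */
static log_fn_t decode_fn(uintptr_t stored) {
    return (log_fn_t)(stored ^ ptr_cookie);
}

int main(void) {
    if (cookie_init() != 0) return 1;         /* fail closed without a secret */
    uintptr_t log_fn_enc = encode_fn(printf); /* only the masked form is kept */
    /* ... */
    decode_fn(log_fn_enc)("foo\n");
    return 0;
}
```

A raw address written over log_fn_enc decodes to that address XOR the cookie, so the call does not land on the chosen target unless the cookie is also known. The protection therefore depends on the cookie staying secret; a memory disclosure that reveals it, or a known plain and masked pair, defeats the mask.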
...
Two similar functions are under consideration for the major revision to the C Standard, tentatively dubbed C1X.
C1X defines encode_pointer()
to have the following behavior:
...