...
| Code Block | ||
|---|---|---|
| ||
struct bf {
unsigned int m1 : 8;
unsigned int m2 : 8;
unsigned int m3 : 8;
unsigned int m4 : 8;
}; /* 32 bits total */
void function() {
struct bf data;
unsigned char *ptr;
data.m1 = 0;
data.m2 = 0;
data.m3 = 0;
data.m4 = 0;
ptr = (unsigned char *)&data;
(*ptr)++; /* couldcan increment data.m1 or data.m4 */
}
|
...
| Code Block | ||
|---|---|---|
| ||
struct bf {
unsigned int m1 : 6;
unsigned int m2 : 4;
};
void function() {
struct bf data;
data.m1 = 0;
data.m2 = 0;
data.m2 += 1;
}
|
Automated Detection
The tool Compass/ROSE could can detect the NCCE's easily. It need merely search for the following pattern:
...