...
If a vulnerability exists in this program that allows an attacker to overwrite the log_fn
function pointer (such as a buffer overflow or arbitrary memory write), the attacker may be able to overwrite the value of printf
with the location of an arbitrary function.
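The mitigation this rule names, shown as an added example that is not code from the CERT page: log_fn is stored XORed with a per-process cookie and decoded only at the call site, so a raw address written over the slot does not decode to that address. The names init_cookie, encode_fn, decode_fn, other_fn and overwrite_hits_target are hypothetical; the code assumes a POSIX-like platform with /dev/urandom and a function pointer that converts to uintptr_t, and it stands in for the platform's own EncodePointer()/DecodePointer().

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef int (*log_fn_t)(const char *, ...);

/* Per-process secret mixed into every stored pointer (hypothetical name). */
static uintptr_t fn_cookie;

/* Draw the cookie from the OS RNG. Returns 0 on success, -1 on failure. */
int init_cookie(void) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t got = fread(&fn_cookie, sizeof fn_cookie, 1, f);
    fclose(f);
    return (got == 1 && fn_cookie != 0) ? 0 : -1;
}

/* Store this value instead of the raw function address. */
uintptr_t encode_fn(log_fn_t fn) { return (uintptr_t)fn ^ fn_cookie; }

/* Recover the callable pointer immediately before the call. */
log_fn_t decode_fn(uintptr_t enc) { return (log_fn_t)(enc ^ fn_cookie); }

/* Constructed stand-in for "some other function" an overwrite might name. */
int other_fn(const char *fmt, ...) { (void)fmt; return -1; }

/* Model a raw address written over the stored slot. The slot is always
 * decoded before use, so the call goes to written ^ cookie.
 * Returns 1 only if decoding still yields the written address. */
int overwrite_hits_target(log_fn_t written) {
    uintptr_t slot = (uintptr_t)written;  /* simulated memory overwrite */
    return decode_fn(slot) == written;
}

int main(void) {
    if (init_cookie() != 0) abort();      /* never run with a weak cookie */
    uintptr_t log_fn = encode_fn(printf); /* only the encoded form is stored */
    decode_fn(log_fn)("logged via decoded pointer\n");
    printf("overwrite lands on chosen target: %d\n",
           overwrite_hits_target(other_fn));
    return 0;
}
```

The protection depends on the cookie staying secret: a memory disclosure that reveals fn_cookie or an encoded pointer whose plain value is known lets the encoding be reversed.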
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Other Languages
Related Guidelines
This rule appears in the C++ Secure Coding Standard as MSC16-CPP. Consider encrypting function pointers.
Bibliography
[MSDN] EncodePointer() (http://msdn.microsoft.com/en-us/library/bb432254(VS.85).aspx), DecodePointer() (http://msdn.microsoft.com/en-us/library/bb432242(VS.85).aspx)
[MITRE 07] CWE-311 (http://cwe.mitre.org/data/definitions/311.html), "Missing Encryption of Sensitive Data"
...