...
This compliant solution performs a postcondition test to ensure that the result of the unsigned addition operation to i is not less than the operand a. However, this code contains a race condition where i can be modified after the addition but prior to the atomic load. This solution is only compliant if i is guaranteed to only be accessed by a single thread. See CON43-C. Do not assume that a group of calls to independently atomic methods is atomic for more information.
```c
#include <stdatomic.h>

atomic_uint i;

void func(unsigned int a) {
  atomic_fetch_add(&i, a);
  if (atomic_load(&i) < a) {
    /* Handle error condition */
  }
  /* ... */
}
```
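As an added example (not code from the CERT page), two ways to close the window the text describes: the first uses the previous value returned by atomic_fetch_add(), which is captured atomically with the add, and the second uses a compare-and-swap loop that refuses an add that would wrap. The scenario functions and their starting values are constructed for this illustration.

```c
#include <limits.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Postcondition check with no window between the add and the load:
 * atomic_fetch_add() returns the previous value, captured atomically with
 * the add, so the comparison uses this thread's own before/after pair even
 * if other threads modify *p concurrently. Returns true if the add wrapped. */
bool add_detect_wrap(atomic_uint *p, unsigned int a) {
  unsigned int old = atomic_fetch_add(p, a);
  return (old + a) < old; /* unsigned wrap iff the sum is below the old value */
}

/* Precondition check: a compare-and-swap loop that refuses the add when it
 * would wrap, so *p never wraps even under contention. Returns false and
 * leaves *p unchanged if old + a would exceed UINT_MAX. */
bool add_no_wrap(atomic_uint *p, unsigned int a) {
  unsigned int old = atomic_load(p);
  do {
    if (a > UINT_MAX - old) {
      return false; /* would wrap: do not modify *p */
    }
    /* On failure, atomic_compare_exchange_weak() reloads old and we retry. */
  } while (!atomic_compare_exchange_weak(p, &old, old + a));
  return true;
}

/* Constructed scenario: start one below UINT_MAX and add 1 twice.
 * Returns true if the first add is reported clean and the second as wrapped. */
bool scenario_detect(void) {
  atomic_uint i;
  atomic_init(&i, UINT_MAX - 1u);
  bool first = add_detect_wrap(&i, 1u);  /* reaches UINT_MAX, no wrap */
  bool second = add_detect_wrap(&i, 1u); /* wraps to 0 */
  return !first && second && atomic_load(&i) == 0u;
}

/* Constructed scenario: the guarded add must refuse and leave i unchanged. */
bool scenario_prevent(void) {
  atomic_uint i;
  atomic_init(&i, UINT_MAX - 1u);
  bool first = add_no_wrap(&i, 1u);  /* accepted, i == UINT_MAX */
  bool second = add_no_wrap(&i, 1u); /* refused, i stays UINT_MAX */
  return first && !second && atomic_load(&i) == UINT_MAX;
}

int main(void) {
  printf("detect: %s\n", scenario_detect() ? "ok" : "FAIL");
  printf("prevent: %s\n", scenario_prevent() ? "ok" : "FAIL");
  return 0;
}
```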
Exceptions
...
A Linux kernel vmsplice exploit, described by Rafal Wojtczuk [Wojtczuk 2008], documents a vulnerability and exploit arising from a buffer overflow (caused by unsigned integer wrapping).
...