The location in memory of a function is computed at compile time and then stored for later use by the program. If an attacker can overwrite certain function pointers, they may be able to execute arbitrary code. To mitigate the effects of such attacks, pointers to functions can be encrypted at runtime based on some characteristics of the execution process so that only a running process will be able to decode them.
...
This noncompliant code example assigns the address of the printf() function to the log_fn function pointer, which can be allocated in the stack or data segment.
...
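A portable sketch of the mitigation described above, added here as an illustration and not taken from the CERT guideline: the pointer is stored XOR-masked with a per-process secret and decoded only at the call site. The names `cookie`, `encode_fn`, `decode_fn`, `log_slot` and `raw_overwrite_survives` are hypothetical, and reading the secret from `/dev/urandom` assumes a POSIX system; platform facilities such as the `EncodePointer()`/`DecodePointer()` pair listed in the bibliography serve the same purpose.

```c
#include <stdint.h>
#include <stdio.h>

typedef int (*log_fn_t)(const char *, ...);

/* Per-process secret, filled once at startup. Hypothetical name. */
static uintptr_t cookie;

/* Assumption: a POSIX system exposing /dev/urandom. Returns 0 on success. */
static int init_cookie(void) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t n = fread(&cookie, sizeof cookie, 1, f);
    fclose(f);
    /* A zero cookie would leave pointers unmasked, so treat it as failure. */
    return (n == 1 && cookie != 0) ? 0 : -1;
}

/* Only the XOR-masked value is ever stored in writable memory. */
static uintptr_t encode_fn(log_fn_t fn) { return (uintptr_t)fn ^ cookie; }
static log_fn_t decode_fn(uintptr_t enc) { return (log_fn_t)(enc ^ cookie); }

/* The slot an overflow could reach holds the encoded form, not the address. */
static uintptr_t log_slot;

static int log_msg(const char *msg) {
    /* Decode immediately before the call; keep no long-lived raw copy. */
    return decode_fn(log_slot)("%s\n", msg);
}

/* Returns 1 if a raw address written into an encoded slot without knowledge
   of the cookie would still decode to that same address, 0 otherwise. */
static int raw_overwrite_survives(uintptr_t raw) {
    return (uintptr_t)decode_fn(raw) == raw;
}

int main(void) {
    if (init_cookie() != 0) return 1;
    log_slot = encode_fn(printf);
    log_msg("logged through an encoded pointer");
    /* Constructed value standing in for an overwritten slot. */
    printf("raw overwrite decodes unchanged: %d\n",
           raw_overwrite_survives((uintptr_t)0x41414141u));
    return 0;
}
```

The masking does not prevent the overwrite itself; it makes the overwritten value decode to an address the writer did not choose, so the secret must stay out of memory that the same bug can read.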
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CERT C++ Secure Coding Standard: MSC16-CPP. Consider encrypting function pointers
MITRE CWE: CWE-311, "Missing Encryption of Sensitive Data"
Bibliography
[MSDN] EncodePointer() (http://msdn.microsoft.com/en-us/library/bb432254(VS.85).aspx), DecodePointer() (http://msdn.microsoft.com/en-us/library/bb432242(VS.85).aspx)
[MITRE 2007] CWE-311 (http://cwe.mitre.org/data/definitions/311.html), "Missing Encryption of Sensitive Data"
...