Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Wiki Markup
The C+\+ Standard [ISO/IEC 14882-2003|AA. C++ References#ISO/IEC 14882-2003] "One definition rule" (Section 3.2) says: "No translation unit shall contain more than one definition of any variable, function, class type, enumeration type or template."  Moreover, paragraph 3 says: "Every program shall contain exactly one definition of every non-inline function or object that is used in that program; no diagnostic required."  Although it is possible to check that the ODR is complied with (see \[[Quinlan 06|AA. C++ References#Quinlan 06]\]), as of October 2006 we are not aware of any compilers that enforce the rule or even issue a diagnostic.  As the paper by Quinlan et al. shows, failing to enforce the ODR enables a virtual function pointer attack, known as the VPTR [exploit|BB. Definitions#exploit].  This is where an object's virtual function table is corrupted so that calling a virtual function on the object results in malicious code being executed.  See the paper by Quinlan et al. for more details.

...

Wiki Markup
\[[ISO/IEC 14882-2003|AA. C++ References#ISO/IEC 14882-2003]\] Section 3.2, "One definition rule"

Wiki Markup
\[[Quinlan 06|AA. C++ References#Quinlan 06]\]