| Wiki Markup |
|---|
The C+\+ Standard [ISO/IEC 14882-2003|AA. C++ References#ISO/IEC 14882-2003] Section 3.2, "One definition rule," says, in paragraph 3: "Every program shall contain exactly one definition of every non-inline function or object that is used in that program; no diagnostic required." Although it is possible to check that the ODR is complied with (see \[[Quinlan 06|AA. C++ References#Quinlan 06]\]), compilers do not, at present, enforce the rule or even issue a diagnostic. As the paper by Quinlan, et al. shows, failing to enforce the ODR enables a virtual function pointer attack, known as the VPTR exploit. |
...
This example is taken from the paper by Quinlan , et al. referenced above.
Base abstract class (Base.h)
...
If the attacker module can be introduced into the system so that the linker chooses it in preference to the "proper" class defined in Module.cpp (which can usually be achieved by putting the attacker module before the innocuous module in the list of modules to be linked, or in the shared library path), then it is possible to corrupt the virtual function table.
...
- ISO/IEC 14882-2003 Section 3.2, "One definition rule"
- Quinlan 06 Quinlan, Dan; et al. "Support for Whole-Program Analysis and the Verification of the One-Definition Rule in C++"