Databases Reference
Figure 1.3 Stack allocations when calling foo.
data. Assume also that no bounds checking is done and that the code looks like the following:
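#include <string.h>

int foo(char* a, char* b) {
    char buf[10];   /* 10 bytes in foo's stack frame */
    // now comes the code
    strcpy(buf, a); /* copies all of a, with no check against the size of buf */
    ...
}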
Foo has a buffer overflow vulnerability. In order to understand this, ask
yourself what would happen if I were to call the function using:
int main() {
    int i = foo("I am a string that has many more characters than "
                "10 and I will wreak havoc on your program", "ta da!");
}
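The following is an added example, not code from the original text: it measures how far the strcpy in foo would write past buf for the call above, and shows a bounds-checked variant. The names foo_checked, bytes_past_buf, BUF_SIZE and LONG_INPUT are hypothetical, and the input is assumed to be NUL-terminated.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 10 /* same size as buf in foo above */

/* Constructed input: the long string from the call above, on one line. */
static const char LONG_INPUT[] =
    "I am a string that has many more characters than "
    "10 and I will wreak havoc on your program";

/* Bytes that strcpy(buf, a) would write beyond the end of buf[BUF_SIZE]. */
size_t bytes_past_buf(const char *a) {
    size_t need = strlen(a) + 1; /* characters plus terminating NUL */
    return need > BUF_SIZE ? need - BUF_SIZE : 0;
}

/* Hypothetical bounds-checked foo: returns the number of characters copied,
 * or -1 when a (with its NUL) does not fit in buf. */
int foo_checked(const char *a, const char *b) {
    char buf[BUF_SIZE];
    (void)b; /* not used in the excerpt either */

    /* Look for the terminator within the first BUF_SIZE bytes only. */
    const char *nul = memchr(a, '\0', BUF_SIZE);
    if (nul == NULL)
        return -1; /* too long: reject rather than write past buf */

    memcpy(buf, a, (size_t)(nul - a) + 1); /* copy the text and its NUL */
    return (int)strlen(buf);
}

int main(void) {
    printf("strcpy would write %zu bytes past buf\n", bytes_past_buf(LONG_INPUT));
    printf("foo_checked(long)    = %d\n", foo_checked(LONG_INPUT, "ta da!"));
    printf("foo_checked(\"short\") = %d\n", foo_checked("short", "ta da!"));
    return 0;
}
```

Rejecting the oversized input, rather than truncating it, keeps the caller aware that the data did not fit.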