Re: OS stopping stack buffer overflow exploits

From: Florian Weimer (
Date: Sun Jun 04 2000 - 10:07:01 EST

"Peter T. Breuer" <> writes:

> > > And I have no idea why they should want to: nesting is purely a
> > > question of namespaces and syntactic scoping. It should impact
> > > the implementation semantics not at all.
> > Yes, that's right. That's why we need trampolines: otherwise, pointers
> > to nested functions would have semantics differing from ordinary function
> > pointers.
> Why so?

Please read the paper:

| In order to implement nesting and lexical closures in C++, we
| have to introduce a static link chain that links each activation
| record to the correct activation record for the lexically enclosing
| function (see [AU79] and [Wir77] for terminology). When we invoke
| a function, we not only have to know its address, but we also have
| to pass along a pointer to the correct activation record for the
| lexically enclosing function.

I've put a copy at:

> When we do the call the return address gets pushed and we jump
> to the pointer.

No, it's different.

> It references locations in its frame on the stack for its
> local variables, and locations higher up the stack for the enclosing
> functions variables.

How do you do that if the call of the nested function is itself nested
in another function? Unwind the stack until you get a stack frame
which looks like the correct one? This is horribly slow and breaks if
there's recursion (like many if not all of the static approaches).
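The point Florian makes above, that a nested function needs both a code address and a pointer to the correct activation record of its lexically enclosing function, can be shown in portable C by making the static link explicit. The following is an added example, not code from the original message or from GCC: `nested_body` plays the role of the nested function, `struct outer_frame` stands in for the enclosing activation record, and `struct closure` is the (address, static link) pair that a GCC trampoline packages into something callable through an ordinary function pointer. The enclosing function is recursive, so several activation records are live at once and each nested call must find its own one, which walking the stack looking for a frame that "looks right" cannot guarantee. Because the static link is passed as a plain parameter here, nothing has to be written to the stack as code, which is the property that lets this version run with a non-executable stack.

```c
#include <stdio.h>

/* Constructed stand-in for the activation record of the enclosing
 * function: the locals the nested function is allowed to touch. */
struct outer_frame {
    int counter;   /* a local of the enclosing function */
    int depth;     /* recursion depth, to prove frames are distinct */
};

/* The "nested" function, compiled as an ordinary C function that takes
 * the static link as an explicit parameter. GCC passes it in a hidden
 * register instead; a trampoline exists only to load that register. */
static int nested_body(struct outer_frame *chain, int x)
{
    chain->counter += x;                 /* update the enclosing frame */
    return chain->counter * 10 + chain->depth;
}

/* A closure is the pair (code address, static link). This is exactly what
 * a trampoline materialises so that an int (*)(int) can be handed out. */
struct closure {
    int (*code)(struct outer_frame *, int);
    struct outer_frame *chain;
};

static int call_closure(const struct closure *c, int x)
{
    return c->code(c->chain, x);
}

/* A library-style caller that knows only the closure abstraction and
 * nothing about which activation record it belongs to. */
static int apply_twice(const struct closure *c, int x)
{
    return call_closure(c, x) + call_closure(c, x);
}

/* The "enclosing" function. It recurses before using its own closure, so
 * while apply_twice runs for the outer call, the inner call's frame has
 * already come and gone; the static link still points at the right one. */
int outer(int depth)
{
    struct outer_frame frame = { .counter = 0, .depth = depth };
    struct closure c = { nested_body, &frame };
    int inner = 0;

    if (depth > 0)
        inner = outer(depth - 1);        /* another activation in flight */

    int r = apply_twice(&c, 1);          /* counter goes 0 -> 1 -> 2 */
    return r + inner;
}

int main(void)
{
    /* outer(0) = 30, outer(1) = 62, outer(2) = 96: each level adds
     * 10 + 20 from its own counter plus its own depth twice. */
    for (int d = 0; d < 3; d++)
        printf("outer(%d) = %d\n", d, outer(d));
    return 0;
}
```

Compile with any C99 compiler; no GCC extension is used. To see why the explicit link matters, try replacing `c.chain` with a global pointer set by `outer`: the inner recursive call overwrites it, and the outer call's nested invocations then read the wrong frame.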


This archive was generated by hypermail 2b29 : Wed Jun 07 2000 - 21:00:18 EST