Re: [Announcement] "Exec Shield", new Linux security feature

From: Ingo Molnar (mingo@redhat.com)
Date: Sun May 04 2003 - 03:10:09 EST


On Sun, 4 May 2003, Calin A. Culianu wrote:

> IIRC, x86 ints have the high-order byte _last_ (i.e. the fourth byte).
> What's to stop someone from, say, smashing a buffer (and consequently
> return-address) on the stack using something like {0x01, 0x01, 0x01,
> 0x00} which is really address '65793' in base-10. The above is a valid
> ASCII string (3 1's followed by a NUL) which could conceivably end up on
> the stack as the result of an errant strcpy() or gets() or whatever...

you are right, it is possible to use the enclosing \0 to generate an
address into the first 16MB, but how do you get any arguments passed to
that function?

        Ingo
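
The point of this exchange, as an added example that is not part of the original thread: a string copy can place an address below 16MB in the return slot only by letting its terminating NUL supply the top byte, and that same NUL ends the copy before the argument slots. The frame layout, the original return address and the names `struct frame`, `string_copy` and `overflow_result` are constructed for illustration; the copy runs inside a byte-array model of a frame, not a real stack.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARMOR_LIMIT 0x01000000u   /* first 16MB: top address byte is 0x00 */

struct frame {                    /* constructed 32-bit x86 frame model */
    unsigned char buf[8];         /* local buffer */
    unsigned char ret[4];         /* saved return address, little-endian */
    unsigned char args[8];        /* two 32-bit argument slots above it */
};

static int in_armor(uint32_t addr) { return addr < ARMOR_LIMIT; }

/* Decode four bytes the way x86 reads them (high-order byte last). */
static uint32_t le32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* strcpy-like copy over the model frame; stops after writing the NUL. */
static void string_copy(struct frame *f, const char *src) {
    unsigned char *dst = (unsigned char *)f;
    for (size_t i = 0; i < sizeof *f; i++) {
        dst[i] = (unsigned char)src[i];
        if (src[i] == '\0') return;
    }
}

/* Returns how many argument bytes the copy changed; reports the new return address. */
static int overflow_result(const char *input, uint32_t *ret_after) {
    struct frame f;
    int changed = 0;
    memset(f.buf, 0, sizeof f.buf);
    memcpy(f.ret, "\xef\xbe\x04\x08", 4);    /* constructed original: 0x0804beef */
    memset(f.args, 0xAA, sizeof f.args);     /* sentinel argument bytes */
    string_copy(&f, input);
    *ret_after = le32(f.ret);
    for (size_t i = 0; i < sizeof f.args; i++) changed += f.args[i] != 0xAA;
    return changed;
}

int main(void) {
    uint32_t r;
    /* {0x01,0x01,0x01} plus the terminator: address 65793, no argument bytes touched */
    int n = overflow_result("AAAAAAAA\x01\x01\x01", &r);
    printf("ret=0x%08x armor=%d arg bytes changed=%d\n", (unsigned)r, in_armor(r), n);
    /* contrast: an address with a non-zero top byte lets the copy run on into the arguments */
    n = overflow_result("AAAAAAAA\x01\x01\x01\x08" "BBBB", &r);
    printf("ret=0x%08x armor=%d arg bytes changed=%d\n", (unsigned)r, in_armor(r), n);
    return 0;
}
```
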




This archive was generated by hypermail 2b29 : Wed May 07 2003 - 22:00:19 EST