Turning a SIGSEGV into a regular function call under Linux, allowing throw

Don Clugston dac at nospam.com
Wed Mar 14 14:54:48 PDT 2012


On 14/03/12 21:59, Sean Kelly wrote:
> On Mar 14, 2012, at 1:54 PM, FeepingCreature wrote:
>>
>> I think that case is sufficiently rare that it'd have to count somewhere between "act of god" and "outright developer malice". The assumption that the stack frame is valid is, I'd say, safe to make in the vast majority of cases. You pretty much have to actively try to break it, for no clearly discernible reason.
>
> The prevalence of buffer overflow attacks might suggest otherwise.


void bar();   // forward declaration, so the snippet also compiles as plain C

void foo()
{
    bar();
}

void bar()
{
    int y;
    int *p = &y;
    p[1] = 0;   // one int past y: on a 32-bit frame with nothing between
                // y and the saved EBP, this overwrites the saved EBP
}

The assignment to p[1]=0 clobbers the location where EBP was pushed.
Then:
mov ESP, EBP;   // ESP is OK
pop EBP;        // EBP is now 0
ret;

now return to foo, where we get:
    call bar;
-> mov ESP, EBP;   // ESP is now 0
    pop EBP;        // segfault
    ret

Unfortunately it's not difficult to corrupt ESP.
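The practical consequence for the "SIGSEGV as a function call" scheme is that the handler must not run on, or trust, the stack it was faulting on. The following is an added example, not code from Don or from the thread: it installs the SIGSEGV handler with sigaction on a separate sigaltstack (SA_ONSTACK), takes the fault address from siginfo_t rather than from anything on the faulting stack, reads the faulting frame's stack pointer out of the ucontext where the platform exposes it, and leaves the faulting frame with siglongjmp instead of returning into it. The fault is provoked deliberately by writing to a PROT_NONE page so that the address is known in advance. It assumes Linux/glibc; the REG_RSP part is x86-64 only and compiles out elsewhere.

```c
/* Added example (not part of the original post). Assumes Linux/glibc. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <ucontext.h>
#include <unistd.h>

static sigjmp_buf recover;             /* where the handler transfers control to   */
static volatile sig_atomic_t faulted;  /* set by the handler                        */
static void *fault_addr;               /* si_addr as reported by the kernel         */
static uintptr_t faulting_sp;          /* RSP of the faulting frame (x86-64 only)   */
static int handler_on_altstack;        /* 1 if the handler's frame was on sigaltstack */
static void *altstack_base;
static size_t altstack_size = 64 * 1024;

static void segv_handler(int sig, siginfo_t *si, void *uctx)
{
    int marker;                        /* a local: its address shows which stack we run on */
    uintptr_t here = (uintptr_t)&marker;
    uintptr_t lo = (uintptr_t)altstack_base;
    (void)sig;

    handler_on_altstack = (here >= lo && here < lo + altstack_size);
    fault_addr = si->si_addr;          /* trust the kernel, not the faulting frame */
#ifdef REG_RSP
    /* The faulting frame's stack pointer comes from the saved context, which a
     * recovery routine would have to validate before using it for anything. */
    faulting_sp = (uintptr_t)((ucontext_t *)uctx)->uc_mcontext.gregs[REG_RSP];
#else
    (void)uctx;
#endif
    faulted = 1;
    siglongjmp(recover, 1);            /* never return into the faulting frame */
}

/* Install the handler on an alternate stack. Returns 0 on success, -1 on failure. */
static int install_handler(void)
{
    struct sigaction sa;
    stack_t ss;

    altstack_base = malloc(altstack_size);
    if (!altstack_base)
        return -1;
    memset(&ss, 0, sizeof ss);
    ss.ss_sp = altstack_base;
    ss.ss_size = altstack_size;
    if (sigaltstack(&ss, NULL) != 0)
        return -1;

    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = segv_handler;
    sa.sa_flags = SA_SIGINFO | SA_ONSTACK;   /* SA_ONSTACK: run on the alt stack */
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL);
}

/* Provoke a SIGSEGV at a known address and catch it.
 * Returns 1 if the fault was caught with the expected address and the handler
 * ran on the alternate stack, 0 if the access unexpectedly succeeded, -1 on
 * setup failure. */
static int trigger_and_catch(void)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    void *p;

    if (install_handler() != 0)
        return -1;
    p = mmap(NULL, pg, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;

    faulted = 0;
    /* savesigs=1: the signal mask is restored on the way back out */
    if (sigsetjmp(recover, 1) == 0) {
        *(volatile char *)p = 1;       /* PROT_NONE page: this faults */
        munmap(p, pg);
        return 0;                      /* not reached */
    }
    munmap(p, pg);
    return faulted && fault_addr == p && handler_on_altstack;
}

int main(void)
{
    int r = trigger_and_catch();
    printf("caught=%d fault_addr=%p faulting_sp=%#lx\n",
           r, fault_addr, (unsigned long)faulting_sp);
    return r == 1 ? 0 : 1;
}
```

Build with `cc -o segv_alt segv_alt.c` and run it; the interesting value is faulting_sp, which on x86-64 is the stack pointer of the frame that faulted. If that frame had been corrupted the way bar() corrupts it above, this is the number that would be garbage, and the handler would still be running fine because it is on its own stack.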

