On Wednesday, 9 January 2013 at 21:13:35 UTC, H. S. Teoh wrote:
> Dereferencing null is also moot, because you'll just get an
> exception or a segfault, which is no help for a potential
> exploit.
BTW, not necessarily... this is a fairly unlikely situation,
granted, but imagine:
struct Thing {
    ubyte[1024*1024] buffer; // 1 MiB of padding in front of the field
    int a;                   // lives at offset 1024*1024 from the struct base
}

void main() {
    Thing* t = null;
    t.a = 10; // the store goes to null + Thing.a.offsetof, i.e. 0x100000, not to address 0
}
That'd turn into something like
mov eax, 0 ; the pointer value itself
mov dword ptr [eax + 1024*1024], 10 ; add the offset of the field
before doing the read/write...
which quite possibly does overwrite something exploitable.
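An added example (mine, not code from the post above or from any D project) that reproduces the same layout in C and makes the "base + field offset" arithmetic explicit. It uses offsetof so nothing is ever dereferenced through a null pointer; the 64 KiB guard size is an assumption used only to classify which field offsets would land outside a typical null-page guard (65536 is the Linux vm.mmap_min_addr default, but real guard sizes vary), and the Small struct is added as a contrast case that is not in the original post.

```c
#include <assert.h>
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Same layout as the D struct in the post: 1 MiB of buffer, then an int. */
typedef struct Thing {
    uint8_t buffer[1024 * 1024];
    int a;
} Thing;

/* Contrast case (constructed, not from the post): the field sits at offset 0,
 * so a write through a null pointer really does hit address 0 and fault. */
typedef struct Small {
    int a;
} Small;

/* Constructed assumption: how many low bytes the null-page guard covers.
 * 65536 is the Linux vm.mmap_min_addr default; other platforms differ. */
#define ASSUMED_NULL_GUARD_BYTES ((uintptr_t)65536)

/* The address a `p->field = ...` store actually touches. This is exactly the
 * arithmetic the compiler emits: the pointer value plus the field's offset,
 * with no check on the pointer value itself. */
static uintptr_t effective_address(uintptr_t base, size_t field_offset)
{
    return base + (uintptr_t)field_offset;
}

/* 1 if a store through a null base for this field offset lands beyond the
 * assumed guard region (where something could be mapped), 0 if it would
 * fault inside the guard like the quoted reply expects. */
static int null_deref_escapes_guard(size_t field_offset)
{
    return effective_address(0, field_offset) >= ASSUMED_NULL_GUARD_BYTES;
}

/* Hardened accessor: validate the pointer instead of relying on a fault.
 * Returns -1 when refused, 0 when the store was performed. */
static int set_a_checked(Thing *t, int value)
{
    if (t == NULL)
        return -1;
    t->a = value;
    return 0;
}

/* Exercise the checked accessor on a real object; returns the stored value. */
static int demo_checked_write(void)
{
    static Thing t;              /* static: 1 MiB is too big to want on the stack */
    if (set_a_checked(&t, 10) != 0)
        return -1;
    return t.a;
}

int main(void)
{
    printf("offsetof(Thing, a)       = 0x%zx\n", offsetof(Thing, a));
    printf("null store to Thing.a hits 0x%" PRIxPTR " (escapes guard: %d)\n",
           effective_address(0, offsetof(Thing, a)),
           null_deref_escapes_guard(offsetof(Thing, a)));
    printf("null store to Small.a hits 0x%" PRIxPTR " (escapes guard: %d)\n",
           effective_address(0, offsetof(Small, a)),
           null_deref_escapes_guard(offsetof(Small, a)));
    printf("set_a_checked(NULL, 10) -> %d\n", set_a_checked(NULL, 10));
    printf("checked write on a real object stored %d\n", demo_checked_write());
    return 0;
}
```

The point the numbers make: the store in the post's `t.a = 10` targets 0x100000, the same `[eax + 1024*1024]` as the assembly above, so whether it faults depends entirely on what is mapped there, not on the pointer being null. Checking the pointer before forming the field address, as set_a_checked does, is the only way to get the "you'll just get a segfault" behaviour for large structs.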