On 09/15/2016 04:44 AM, Kagamin wrote:
Well, aliasing can be reproduced with locals

S s;
int* r = getPayload(s);
freePayload(s);
int v = *r; //UAF

Nit: in MiniD1000 you'd need to declare vars first, assign them second:

S s;
int* r;
r = getPayload(s);
freePayload(s);
int v;
v = *r;

(and there are no comments :o))

Multiparameter functions can be declared to be equivalent to

struct P { S* s; int* r; }
P p;
p.s = &s;
p.r = getPayload(s);
f(p); //as if f(S*,int*)

Thanks for making this point.


Andrei
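The two snippets above in one runnable C program, as an added example that is not part of this thread and not MiniD1000 code: `S`, `getPayload`, `freePayload`, `P` and `f` are constructed here for illustration. It shows the alias `r` going stale once the owner frees the payload, and the struct-of-pointers form of a two-parameter call, with `f` refusing to read through the alias when the owner no longer points at it.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed type: S owns a heap payload (assumption for this example). */
typedef struct S { int *payload; } S;

static void initPayload(S *s, int value) {
    s->payload = malloc(sizeof *s->payload);
    if (s->payload) *s->payload = value;
}

/* Returns an alias into s's payload; the caller does not own it. */
static int *getPayload(S *s) { return s->payload; }

/* Frees the payload and clears the owning field. Aliases held elsewhere
   (such as r / p.r below) are NOT cleared; that is the aliasing problem
   the thread is about. free(NULL) is a no-op, so this is safe to call twice. */
static void freePayload(S *s) { free(s->payload); s->payload = NULL; }

/* Multiparameter call f(S*, int*) modeled as a single struct parameter. */
typedef struct P { S *s; int *r; } P;

static int f(P p) {
    /* Defensive read: only dereference the alias while the owner still
       points at the same payload. A stale alias yields -1 instead of a UAF. */
    if (p.s->payload == NULL || p.r != p.s->payload) return -1;
    return *p.r;
}

/* Builds the locals-only aliasing scenario and reads through the alias.
   invalidate_first = 1 frees the payload before the read (the UAF case). */
static int readThroughAlias(int invalidate_first) {
    S s;
    initPayload(&s, 42);
    P p = { &s, getPayload(&s) };   /* p.r aliases s.payload */
    if (invalidate_first) freePayload(&s);
    int v = f(p);                   /* 42, or -1 when the alias is stale */
    freePayload(&s);
    return v;
}

int main(void) {
    printf("live alias:  %d\n", readThroughAlias(0));
    printf("stale alias: %d\n", readThroughAlias(1));
    return 0;
}
```

The `p.r != p.s->payload` check only works because `freePayload` clears the owner's field; without that, nothing at the call site distinguishes a live alias from a dangling one, which is exactly why a static check in the language has to track the alias itself.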
