On 03/14/12 21:08, Don Clugston wrote:
> 
> I didn't realize that was possible. Very interesting.
> As it stands, though, that's got some pretty serious issues.
> 
> You are on the stack of the function that was called, but you don't know for 
> sure that it is a valid stack.
> 
> asm {
>     push EBX;
>     mov EBX, ESP;
>     mov ESP, 0;    // Look ma, no stack!
> 
>     mov int ptr [ESP], 0; // segfault -- null pointer exception
> 
>     mov ESP, EBX;
>     pop EBX;
> }
> 
> Now, your user space handler will cause another segfault when it does the mov 
> [ESP], 0. I think that gives you an infinite loop.
> 

I think that case is sufficiently rare that it'd have to count somewhere 
between "act of god" and "outright developer malice". The assumption that the 
stack frame is valid is, I'd say, safe to make in the vast majority of cases. 
You pretty much have to actively try to break it, for no clearly discernible 
reason.
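The concern raised above (a handler that runs on the faulting function's stack loops forever when that stack pointer is garbage) is the case an alternate signal stack exists for. The following is an added example, written in C rather than D and not code from this thread or from druntime: it installs the SIGSEGV handler with `sigaltstack` and `SA_ONSTACK`, so the kernel switches to a known-good stack before the handler runs, and then recovers from a null-pointer write with `siglongjmp`. The handler also records whether its own locals live inside the alternate stack, which is the check a runtime could use to confirm it is not executing on the faulting frame. The fault here is a plain null write on a valid stack; the same delivery path is what lets the handler run when the faulting stack pointer itself is invalid. Function and variable names (`install_segv_handler`, `probe_null_write`, `alt_stack`) are assumptions for this example.

```c
#define _XOPEN_SOURCE 700
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Example names, not druntime's: a dedicated stack for signal delivery. */
#define ALT_STACK_SIZE (64 * 1024)
static char alt_stack[ALT_STACK_SIZE];

static sigjmp_buf recover;
static volatile sig_atomic_t handler_on_altstack = 0;

/* Runs on alt_stack because the handler is installed with SA_ONSTACK.
 * It checks that its own frame lies inside alt_stack, then unwinds back
 * to the sigsetjmp in probe_null_write instead of returning (which would
 * re-execute the faulting store and fault again). */
static void segv_handler(int sig, siginfo_t *info, void *ctx)
{
    (void)sig; (void)info; (void)ctx;
    char marker;
    uintptr_t here = (uintptr_t)&marker;
    uintptr_t lo = (uintptr_t)alt_stack;
    uintptr_t hi = lo + sizeof alt_stack;
    handler_on_altstack = (here >= lo && here < hi) ? 1 : 0;
    siglongjmp(recover, 1);
}

/* Registers alt_stack and the SIGSEGV handler. Returns 0 on success. */
int install_segv_handler(void)
{
    stack_t ss;
    ss.ss_sp = alt_stack;
    ss.ss_size = sizeof alt_stack;
    ss.ss_flags = 0;
    if (sigaltstack(&ss, NULL) != 0)
        return -1;

    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = segv_handler;
    sigemptyset(&sa.sa_mask);
    /* SA_ONSTACK: deliver on alt_stack regardless of the faulting ESP/RSP.
     * SA_NODEFER: do not leave SIGSEGV blocked after we longjmp out. */
    sa.sa_flags = SA_SIGINFO | SA_ONSTACK | SA_NODEFER;
    if (sigaction(SIGSEGV, &sa, NULL) != 0)
        return -1;
    return 0;
}

/* Triggers a null-pointer write. Returns 1 if the handler caught it while
 * running on the alternate stack, 0 if it ran on the normal stack,
 * -1 if installation failed, -2 if the store unexpectedly did not fault. */
int probe_null_write(void)
{
    if (install_segv_handler() != 0)
        return -1;
    handler_on_altstack = 0;
    if (sigsetjmp(recover, 1) == 0) {
        int *volatile p = NULL;  /* volatile: keep the store, no constant folding */
        *p = 0;                  /* SIGSEGV, delivered on alt_stack */
        return -2;               /* not reached */
    }
    return handler_on_altstack;
}

int main(void)
{
    int r = probe_null_write();
    printf("null write caught on alternate stack: %s (code %d)\n",
           r == 1 ? "yes" : "no", r);
    return r == 1 ? 0 : 1;
}
```

The handler must not simply `return`: the kernel would resume at the faulting instruction and the process would take the same fault again, which is the loop described above. Unwinding with `siglongjmp` (or, in D, converting the fault into a thrown exception) is what breaks that cycle, and the alternate stack is what guarantees the handler has somewhere valid to run in the first place.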
