Post Info: # Author: Flavio do Carmo Junior aka waKKu
# URL: Author’s Webpage
# Date: January 28, 2012
# Category: Assembly, Exploiting, Programming, Security
As I said in my last post…
I will be writing 3 quick and quite straightforward posts this week.
All are (partially) inspired by this video: http://www.youtube.com/watch?v=i2fhNVQPb5I (I am a C Programmer), and all relate to stack overflows.
- 1) Signedness bug
- 2) Widthness overflow
- 3) Pointer Subterfuge
Nothing new, I suppose; however, as usual, I look forward to demystifying them completely. Therefore, if you have any doubts about any of these bugs, please feel free to comment, elaborate on my explanation, or even curse me for my mistakes.
All code will be compiled as 32-bit, just because I think it is easier to understand and to test using VMs.
2) Widthness Overflow
Overview
- Widthness overflow bugs are exactly what the name says. They are very similar to the signedness bugs seen in my last post.
Imagine we have a field that must be small and controllable. Being as frugal and green as we are, we could declare a 1-byte variable (char) to save some space. The example is 1 byte long, although it could be a variable of any size, as long as it is not the maximum size/width (otherwise it would be impossible to overflow).
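The narrowing described above, as an added example (not the author's code from the original post): a length is squeezed into a 1-byte variable before the bounds check, shown beside a check done at full width. `BUF_SIZE`, the function names and the sample lengths are assumptions made for illustration, and `unsigned char` is used so that only width, not signedness, is in play.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64  /* assumed destination size, chosen for illustration */

/* What a 1-byte variable keeps of a wider length: only the low 8 bits. */
unsigned char narrowed_len(size_t input_len)
{
    return (unsigned char)input_len;          /* 300 (0x12C) becomes 44 (0x2C) */
}

/* Weak check: the bounds test runs on the narrowed value.
 * Returns 1 when the check would allow the copy. */
int check_narrow(size_t input_len)
{
    unsigned char len = narrowed_len(input_len);
    return len < BUF_SIZE;
}

/* Corrected check: compare at full width, before any narrowing. */
int check_wide(size_t input_len)
{
    return input_len < BUF_SIZE;
}

/* Copy that relies on the full-width check; returns bytes copied, or -1. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src);
    if (n >= dst_size)
        return -1;                            /* rejected: would not fit */
    memcpy(dst, src, n + 1);                  /* includes the terminating NUL */
    return (int)n;
}

int main(void)
{
    /* Constructed sample lengths around the 8-bit boundary. */
    size_t samples[] = { 10, 63, 64, 255, 256, 300, 319, 320 };
    size_t i;

    printf("%8s %9s %12s %10s\n", "length", "narrowed", "narrow-check", "wide-check");
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%8zu %9u %12s %10s\n", samples[i],
               (unsigned)narrowed_len(samples[i]),
               check_narrow(samples[i]) ? "allow" : "reject",
               check_wide(samples[i]) ? "allow" : "reject");
    return 0;
}
```

Lengths of 256 and above wrap modulo 256, so the narrowed check accepts some inputs that are far larger than the buffer while the full-width check rejects every one of them.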
Code Example:

