Talk:Uncontrolled format string
 | This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||||||
| |||||||||||||||||||
Broken links
I removed four broken links to format string papers and sites. If anyone has links to valid ones again, especially from trusted referenceable sources please add them. Kimos 03:46, 7 April 2006 (UTC)
C doesn't pop
C doesn't pop the arguments. Neither the assembly written library funktions, nor user written C funktions pop the arguments. User written assembly funktions doing this are possible, but it's safe to assume anybody who knows assembly is aware of the danger of messing with the stack. Instead C acesses the arguments with a pointer.
A standard C call looks like this :
; Caller ... push last argument ... push first argument call funktion add sp,argument size ...
; Funktion funktion proc near push bp mov bp,sp ; arguments can now be acessed by [bp+adress] ... pop bp ret funktion endp
In partikular, you cannot cause trouble by passing a wrong number of arguments (what would be devastating in BASIC or Pascal). Interestingly, the Windows API, what normally uses Pascal-calls uses C-calls for Vararg funktions, for exaclty that reason. Most printf related bugs print mearly garbage. By passing many %X or %s you get a dump of the stack or strings, that is only rarely a hazard. You might get acess to sensitive data, but this requires a lot of knowledge about the programm, and apropriate data structures. The most damaging possible is, to overwrite the code at the return adress with %n, what crashes the programm, but is probably insuficient to jump to malware. --79.200.87.213 (talk) 23:48, 6 February 2015 (UTC)
Content Disclaimer
Informasi ini disarikan dari Wikipedia dan disajikan kembali untuk tujuan edukasi. Konten tersedia di bawah lisensi CC BY-SA 3.0. Kami tidak bertanggung jawab atas ketidakakuratan data yang bersumber dari kontribusi publik tersebut.
- The information displayed on this website is sourced in part or in whole from Wikipedia and has been adapted for the purpose of restating it. We strive to provide accurate and relevant information, however:
- There is no guarantee of absolute accuracy. Wikipedia is an open, collaborative project that can be edited by anyone, so information is subject to change.
- It is not intended to constitute professional advice. The content displayed is for informational and educational purposes only. For important decisions (e.g., medical, legal, or financial), please consult a professional.
- Content copyright. Wikipedia is licensed under the Creative Commons Attribution-ShareAlike License (CC BY-SA). This means that content may be reused with appropriate attribution and shared under a similar license.
- Responsible use. Any risk arising from the use of information from this website is entirely the responsibility of the user.