This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: GCC extension for protecting applications from format string attacks
- To: Zack Weinberg <zackw at Stanford dot EDU>
- Subject: Re: GCC extension for protecting applications from format string attacks
- From: Richard Henderson <rth at redhat dot com>
- Date: Thu, 5 Apr 2001 13:12:18 -0700
- Cc: Makoto Iwamura <iwamura at pb dot highway dot ne dot jp>, vuln-dev at securityfocus dot com, gcc-patches at gcc dot gnu dot org, etoh at jp dot ibm dot com
- References: <200103311455.AA00214@sate.pb.highway.ne.jp> <20010405115103.C3968@stanford.edu> <20010405123447.C3558@redhat.com> <20010405125727.F3968@stanford.edu>
On Thu, Apr 05, 2001 at 12:57:27PM -0700, Zack Weinberg wrote:
> Aaargh.
Yeah. Anyway, just counting the number of arguments doesn't really do
the job here. You also have to know what type the passed arguments were.
If the target uses fp registers for fp data, and integer registers for
pointer data, or data registers for integer data and address registers
or pointer data, or .... Then you can still feed uninitialized values
to printf by having a type mismatch between the format string and the
actual parameters. Multiple sets of counts don't do the job because the
calling convention might leave holes in the registers that it uses.
The only solution is an array of data as by __builtin_classify_type for
each passed parameter.
r~