[Dailydave] Dangling pointers exploitation
pageexec at freemail.hu
pageexec at freemail.hu
Wed Jul 25 15:29:43 EDT 2007
On 25 Jul 2007 at 14:03, Thomas Ptacek wrote:
> I'm not sure "saved return address on the stack" is the real vector
> for uninitialized variables.
it is not, nor were you talking about unitialized variables per se,
but this entirely 'new' class of bugs of wild pointers, which according
to you means:
> you have a pointer who's value seems unpredictable but is
> in fact strongly influenced by the execution environment which is in
> turn often influenced by inputs and timing.
you tell me why an overwritten return address doesn't qualify ;).
More information about the Dailydave
mailing list