A Type System for Format Strings

[Pages:58]A Type System for Format Strings

Konstantin Weitz Gene Kim

Siwakorn Srisakaokul Michael D. Ernst

weitzkon@uw.edu genelkim@uw.edu ping128@uw.edu mernst@uw.edu

1

Format String APIs

printf("name: %s age: %d", "Konstantin", 25);

"name: Konstantin age: 25"

2

Format String APIs

printf("name: %s age: %d", "Konstantin", 25);

"name: Konstantin age: 25"

Problem: easy to misuse

3

Implications of Misuse

Unintelligible Output

printf("cannot open %s"); > cannot open oN

4

Implications of Misuse

Unintelligible Output Program Crash

printf("%d", "str");

5

Implications of Misuse

Unintelligible Output Program Crash Security Vulnerability

printf("%.*d%n", attack_code, 0, return_addr);

6

Root Causes of Misuse

Invalid Format String Syntax

printf("%y");

7

Root Causes of Misuse

Invalid Format String Syntax Wrong Number of Arguments

printf("%d %s", 42);

8

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download

To fulfill the demand for quickly locating and searching documents.

It is intelligent file search solution for home and business.

Literature Lottery

Related download
Related searches

©2024 5y1.org, Inc. All rights reserved.