National Institute of Standards and Technology
Package illustrating a test case

Test case 1501

Description

Modifying the instruction pointer. The invocation through the function pointer funcPtr uses an indirect reference, and the address in the referenced location can be overwritten. Because the address held in the function pointer cannot be resolved at compile time, it can be exploited to transfer control to arbitrary code.
From "Secure Coding in C and C++" by Robert C. Seacord.
Page 81, Figure 3-4
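
The following is an added example, not the test case's own code and not taken from the book. It shows one way to guard an indirect call: the pointer value is compared against a read-only allow-list before it is used. Apart from funcPtr, all names are hypothetical, and the overwrite is simulated with a plain assignment.

```c
#include <stddef.h>
#include <stdio.h>

typedef int (*handler_t)(const char *);

/* Hypothetical handlers; each returns a code so the outcome can be checked. */
static int good_function(const char *s) { printf("%s", s); return 1; }
static int other_function(const char *s) { (void)s; return 2; }

/* The only targets the indirect call is meant to reach. Declared const so
   the toolchain can place the table in read-only storage. */
static handler_t const allowed[] = { good_function };

/* Writable storage: the "referenced location" whose contents decide
   where the indirect call goes. */
static handler_t funcPtr = good_function;

/* Returns 1 if p is an intended target, 0 otherwise. */
int is_allowed(handler_t p) {
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (p == allowed[i])
            return 1;
    return 0;
}

/* Checked indirect call: returns the handler's result, or -1 when
   funcPtr no longer holds an intended target. */
int checked_call(const char *s) {
    handler_t p = funcPtr;   /* read once so the check and the call agree */
    if (!is_allowed(p))
        return -1;           /* refuse to transfer control */
    return p(s);
}

/* Constructed stand-in for a corrupted pointer: a plain assignment. */
void simulate_overwrite(void) { funcPtr = other_function; }
void restore(void) { funcPtr = good_function; }

int main(void) {
    printf(" -> %d\n", checked_call("hi"));   /* intended target runs */
    simulate_overwrite();
    printf("after overwrite -> %d\n", checked_call("hi"));
    restore();
    return 0;
}
```

A direct call such as good_function("there!\n") needs no such check, because its target is fixed when the program is built.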

Flaws
