Description
Program using atexit(). The C99 atexit() function is used to register the function test() on line 27. The program assigns a string to the global variable glob on line 28. The test() function is invoked when the program exits and prints this string.
As the atexit() function works by adding a specified function to an array of existing functions to be called on exit, it is possible to transfer control to arbitrary code with an arbitrary memory write or a buffer overflow directly into the __exit_funcs structure.
From "Secure Coding in C and C++" by Robert C. Seacord.
Page 89, Figure 3-12
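The mechanism described above, as an added example that is neither the test case's source nor the book's figure: a small model of an exit-handler table in which slots are stored XOR-encoded with a guard value, a simplified stand-in for the pointer mangling glibc applies to its exit-handler list. The names model_atexit, model_run_handlers, print_glob (playing the role of test()), the guard constant and the string "Exiting." are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_HANDLERS 32                 /* C99 guarantees room for at least 32 */
typedef void (*exit_fn)(void);

/* Hypothetical handler table: writable memory holding control data. */
static uintptr_t slots[MAX_HANDLERS];
static size_t slot_count;
/* Constructed constant; a real guard is random per process and kept secret. */
static const uintptr_t guard = (uintptr_t)0x5bd1e995u;
static const char *glob;                /* assigned after registration */
static char log_buf[64];                /* what the handlers "printed" */

/* Model of atexit(): append the encoded handler, fail when the table is full. */
int model_atexit(exit_fn fn) {
    if (slot_count == MAX_HANDLERS) return -1;
    slots[slot_count++] = (uintptr_t)fn ^ guard;
    return 0;
}

/* Model of exit(): decode and call handlers in reverse registration order. */
size_t model_run_handlers(void) {
    size_t called = 0;
    for (; slot_count > 0; called++)
        ((exit_fn)(slots[--slot_count] ^ guard))();
    return called;
}

static void note(const char *s) { strncat(log_buf, s, sizeof log_buf - strlen(log_buf) - 1); }
static void print_glob(void) { note(glob); }    /* reads glob only when called */
static void first(void) { note("|first"); }

/* Register the handlers, then assign glob, then run them as exit() would. */
const char *demo(void) {
    log_buf[0] = '\0';
    model_atexit(first);
    model_atexit(print_glob);
    glob = "Exiting.";                  /* constructed sample string */
    model_run_handlers();
    return log_buf;
}

/* Returns 1 if a slot stores the plain function address, 0 if it is encoded. */
int slot_holds_raw_pointer(void) {
    model_atexit(first);
    return slots[--slot_count] == (uintptr_t)first;
}

int main(void) { puts(demo()); return 0; }
```

Because slots are decoded before the call, a plain address written into a slot does not decode to itself; the protection depends on the guard value staying secret.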
Flaws