Description
The longjmp() function. C99 defines the setjmp() macro, the longjmp() function and the jmp_buf type, which together can be used to bypass the normal function call and return discipline. The longjmp() function can be exploited by overwriting the value of PC (the program counter) saved in the jmp_buf buffer with the start of the shellcode. This can be accomplished with an arbitrary memory write or by a buffer overflow directly into the jmp_buf structure.
From "Secure Coding in C and C++" by Robert C. Seacord.
Page 90, Figure 3-14
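As an added illustration of the pattern the description refers to (example code written for this page, not taken from Seacord's book or from the test case itself), the program below keeps a jmp_buf on the stack beside a fixed-size field buffer. The "before" form copies with an unbounded strcpy(), so an over-long input can run past the buffer into the saved register state that longjmp() later restores; the "after" form validates the length before writing a byte. The function names, the FIELD_MAX width and the error codes are assumptions made for this example.

```c
#include <setjmp.h>
#include <stddef.h>
#include <string.h>

/* Constructed example (added here; not from the page or from Seacord's book). */
enum { FIELD_OK = 0, FIELD_EMPTY = 1, FIELD_TOO_LONG = 2 };

#define FIELD_MAX 16   /* assumed fixed field width, including the NUL */

/* Before: the unsafe layout. setjmp() saves the caller's register state
 * (stack pointer, program counter, ...) in env, which is a plain array on the
 * stack. strcpy() has no bound, so an input longer than FIELD_MAX-1 bytes
 * runs past tmp into whatever the compiler placed after it, which may be env.
 * The later longjmp(env, 1) then restores that corrupted state. This variant
 * is only ever called with in-bounds input here; it exists for comparison. */
int field_copy_unchecked(const char *input, char out[FIELD_MAX])
{
    char tmp[FIELD_MAX];
    jmp_buf env;

    if (setjmp(env) != 0)
        return FIELD_EMPTY;         /* reached through longjmp(env, 1) below */

    strcpy(tmp, input);             /* unbounded copy: the defect */
    if (tmp[0] == '\0')
        longjmp(env, 1);            /* restores whatever env now holds */

    memcpy(out, tmp, FIELD_MAX);
    return FIELD_OK;
}

/* After: the input length is established without reading past FIELD_MAX
 * bytes, over-long input is rejected before any write, and the copy is
 * bounded by the checked length. The jmp_buf can no longer be reached by
 * this function's copy, so longjmp() restores only what setjmp() saved. */
int field_copy_checked(const char *input, char out[FIELD_MAX])
{
    jmp_buf env;
    volatile int err = FIELD_OK;    /* volatile: written between setjmp() and longjmp() */

    if (setjmp(env) != 0)
        return err;                 /* error path re-entered via longjmp() */

    size_t n = 0;                   /* bounded length scan */
    while (n < FIELD_MAX && input[n] != '\0')
        n++;

    if (n == 0) {
        err = FIELD_EMPTY;
        longjmp(env, 1);
    }
    if (n >= FIELD_MAX) {           /* no room for the terminating NUL */
        err = FIELD_TOO_LONG;
        longjmp(env, 1);
    }

    memcpy(out, input, n + 1);      /* n < FIELD_MAX, so n + 1 <= FIELD_MAX */
    return FIELD_OK;
}

int main(void)
{
    char out[FIELD_MAX];
    int a = field_copy_checked("hello", out);                  /* FIELD_OK */
    int b = field_copy_checked("", out);                       /* FIELD_EMPTY */
    int c = field_copy_checked("0123456789abcdefXYZ", out);    /* FIELD_TOO_LONG */
    return (a == FIELD_OK && b == FIELD_EMPTY && c == FIELD_TOO_LONG) ? 0 : 1;
}
```

The bounded copy is the actual fix; the jmp_buf is just the victim of the overflow. Two caveats for anyone reviewing code of this shape: the C standard leaves the relative placement of tmp and env up to the compiler, so whether a given overflow reaches env is an accident of layout rather than a property of the source, and modern glibc on x86/x86-64 XORs the saved stack pointer and program counter in jmp_buf with a per-process secret (pointer mangling), which makes a raw overwrite with a known address less reliable but does not remove the memory-safety defect. Address Sanitizer and -fstack-protector are the practical ways to catch the "before" form in testing.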
Flaws
Have any comments on this test case? Please send us an email.