Timeline for format string vulnerability - printf
Current License: CC BY-SA 3.0
5 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Apr 15, 2011 at 6:57 | history | edited | Jonathan Leffler | CC BY-SA 3.0 |
Add second lot of illustrative code
|
| Apr 15, 2011 at 6:45 | history | edited | Jonathan Leffler | CC BY-SA 3.0 |
Add illustrative code
|
| Apr 15, 2011 at 6:33 | comment | added | Jonathan Leffler | @Vikas: the article was written in 2001, when life was simpler. Things have changed since then. It notes that the format string has to be on the stack, and then you can get at its address more easily. Modern compilers would not place the format string on the stack; it would most likely be in the text segment (program code; readonly memory). | |
| Apr 15, 2011 at 6:25 | comment | added | Vikas Yendluri | Thank you, I understand this, but the paper then claims that this code "Will dump memory from 0x08480110 until a NUL byte is reached." why is is that putting the memory address at the beginning of the format string allows you to print the contents at that address when you get to the %s? | |
| Apr 15, 2011 at 6:18 | history | answered | Jonathan Leffler | CC BY-SA 3.0 |