Content deleted Content added
m typo |
m [arguments] |
||
Line 3:
This is a common vulnerability due to the fact that format bugs were previously thought harmless and resulted in vulnerabilites in many common tools. [http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=format+string MITRE's CVE project] list roughly 150 vulnerable programs.
Format bugs are because C's argument passing conventions are type-unsafe. In particular, the <code>varargs</code> mechanism allows [[Subprogram|functions]] to accept any number of arguments (e.g. printf) by "popping" as many [[Argument|arguments]] off the call [[Stack_(computing)|stack]] as they wish, trusting the early arguments to indicate how many additional arguments are to be popped, and of what type.
===See Also===
| |||