R
rep_movsd
Hi
I program primarily in C++ , but once in a while one is forced to use
the odd strcpy or call API functions that dump results into char*
buffers.
I believe that most security exploits that work by thrashing the stack
to overwrite the return address, allowing arbitrary code execution.
I have now fallen into the habit of declaring temporary buffers as
static char arrays.
Is this a good idea in general?
Are there other kinds of exploits which do not rely on stack
thrashing?
Vivek
I program primarily in C++ , but once in a while one is forced to use
the odd strcpy or call API functions that dump results into char*
buffers.
I believe that most security exploits that work by thrashing the stack
to overwrite the return address, allowing arbitrary code execution.
I have now fallen into the habit of declaring temporary buffers as
static char arrays.
Is this a good idea in general?
Are there other kinds of exploits which do not rely on stack
thrashing?
Vivek