The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.
This can lead to resultant weaknesses when the required properties change, such as when the product is ported to a different platform or if an interaction error (CWE-435) occurs.
Threat Mapped score: 0.0
Industry: Finiancial
Threat priority: Unclassified
CVE: CVE-2006-1902
Change in C compiler behavior causes resultant buffer overflows in programs that depend on behaviors that were undefined in the C standard.
N/A
N/A
| Phase | Note |
|---|---|
| None listed. | |
Intro: This code assumes a particular function will always be found at a particular address. It assigns a pointer to that address and calls the function.
Body: The same function may not always be found at the same memory address. This could lead to a crash, or an attacker may alter the memory at the expected address, leading to arbitrary code execution.
int (*pt2Function) (float, char, char)=0x08040000; int result2 = (*pt2Function) (12, 'a', 'b'); // Here we can inject code to execute.Intro: The following function returns a stack address.
char* getName() { char name[STR_MAX]; fillInName(name); return name; }