/* A simple Buffer Overflow Attack, with splint annotations * * Don Heller, dheller@cse.psu.edu, 28 Nov. 2005, 11 Dec. 2007, 19 Mar. 2012 */ #include #include #include static int n; static void f1(void) /*@globals n,fileSystem@*/ /*@modifies fileSystem@*/ { printf("%4d f1\n", n); } static void f2(void) /*@globals n,fileSystem@*/ /*@modifies fileSystem@*/ { printf("%4d f2 ***\n", n); } int main(/*@unused@*/ int argc, char *argv[]) /*@globals n@*/ /*@modifies n@*/ { void (*func)(void) = f1; uintptr_t A[2]; A[n = atoi(argv[1])] = (uintptr_t) f2; (*func)(); printf("main out\n"); return 0; }