suite/tests/client-interface/security.c - external/dynamorio - Git at Google

 /* **********************************************************
  * Copyright (c) 2007-2010 VMware, Inc.  All rights reserved.
  * **********************************************************/

 /*
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
  * * Redistributions of source code must retain the above copyright notice,
  *   this list of conditions and the following disclaimer.
  *
  * * Redistributions in binary form must reproduce the above copyright notice,
  *   this list of conditions and the following disclaimer in the documentation
  *   and/or other materials provided with the distribution.
  *
  * * Neither the name of VMware, Inc. nor the names of its contributors may be
  *   used to endorse or promote products derived from this software without
  *   specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED. IN NO EVENT SHALL VMWARE, INC. OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
  * DAMAGE.
  */

 #include "tools.h"

 /* Needed to avoid this MSVC 2010 warning on our intentional OOB write:
  * warning C4789: destination of memory copy is too small
  */
 void **
 pointer_plus_three(void **a)
 {
     return a + 3;
 }

 void baz()
 {
     print("** Return address successfully overwritten **\n");
     exit(1);
 }

 void bar()
 {
     void **a[2];
     /* Can't create a new local or we'll disturb the frame layout. */
     print("** Return address successfully overwritten **\n");
     a[0] = pointer_plus_three((void **)a);
     *a[0] = (void *)baz;
 }

 void foo()
 {
     void **a[2];
     /* Can't create a new local or we'll disturb the frame layout. */
     a[0] = pointer_plus_three((void **)a);
     *a[0] = (void *)bar;
 }

 int main()
 {
     foo();
     fprintf(stderr, "** unexpected return from foo\n");
     fflush(stderr);
     return 0;
 }
	/* **********************************************************
	* Copyright (c) 2007-2010 VMware, Inc. All rights reserved.
	* **********************************************************/

	/*
	* Redistribution and use in source and binary forms, with or without
	* modification, are permitted provided that the following conditions are met:
	*
	* * Redistributions of source code must retain the above copyright notice,
	* this list of conditions and the following disclaimer.
	*
	* * Redistributions in binary form must reproduce the above copyright notice,
	* this list of conditions and the following disclaimer in the documentation
	* and/or other materials provided with the distribution.
	*
	* * Neither the name of VMware, Inc. nor the names of its contributors may be
	* used to endorse or promote products derived from this software without
	* specific prior written permission.
	*
	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
	* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	* ARE DISCLAIMED. IN NO EVENT SHALL VMWARE, INC. OR CONTRIBUTORS BE LIABLE
	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
	* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
	* DAMAGE.
	*/

	#include "tools.h"

	/* Needed to avoid this MSVC 2010 warning on our intentional OOB write:
	* warning C4789: destination of memory copy is too small
	*/
	void **
	pointer_plus_three(void **a)
	{
	return a + 3;
	}

	void baz()
	{
	print(" Return address successfully overwritten \n");
	exit(1);
	}

	void bar()
	{
	void **a[2];
	/* Can't create a new local or we'll disturb the frame layout. */
	print(" Return address successfully overwritten \n");
	a[0] = pointer_plus_three((void **)a);
	a[0] = (void )baz;
	}

	void foo()
	{
	void **a[2];
	/* Can't create a new local or we'll disturb the frame layout. */
	a[0] = pointer_plus_three((void **)a);
	a[0] = (void )bar;
	}

	int main()
	{
	foo();
	fprintf(stderr, "** unexpected return from foo\n");
	fflush(stderr);
	return 0;
	}