{"id":475,"date":"2013-08-07T22:08:03","date_gmt":"2013-08-07T20:08:03","guid":{"rendered":"http:\/\/blog.pi3.com.pl\/?p=475"},"modified":"2013-08-07T22:08:03","modified_gmt":"2013-08-07T20:08:03","slug":"the-story-of-ms13-002-how-incorrectly-casting-fat-pointers-can-make-your-code-explode","status":"publish","type":"post","link":"https:\/\/blog.pi3.com.pl\/?p=475","title":{"rendered":"The story of MS13-002: How incorrectly casting fat pointers can make your code explode"},"content":{"rendered":"<p>C++ supports developers in object-orientated programming and removes from the developer the responsibility of dealing with many object-oriented programming (OOP) paradigm problems. But these problems do not magically disappear. Rather it is the compiler that aims to provide a solution to many of the complexities that arise from C++ objects, virtual methods, inheritance etc. At its best the solution is almost transparent for the developers. But beware of assuming or relying on \u2018under-the-hood\u2019 behavior. This is what I want to share in this post &#8211; some aspects of how compilers deal with C++ objects, virtual methods, inheritance, etc. At the end I want to describe a real-world problem that I analyzed recently, which I called a \u201c<em>pointer casting vulnerability<\/em>\u201d.<\/p>\n<p>The full write-up you can find on the Microsoft SRD blog <a href=\"http:\/\/blogs.technet.com\/b\/srd\/archive\/2013\/08\/06\/the-story-of-ms13-002-how-incorrectly-casting-fat-pointers-can-make-your-code-explode.aspx\" target=\"_blank\">here<\/a>&#8230;<\/p>\n<p>Best regards,<\/p>\n<p>Adam<\/p>\n","protected":false},"excerpt":{"rendered":"<p>C++ supports developers in object-orientated programming and removes from the developer the responsibility of dealing with many object-oriented programming (OOP) paradigm problems. But these problems do not magically disappear. Rather it is the compiler that aims to provide a solution to many of the complexities that arise from C++ objects, virtual methods, inheritance etc. At [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-475","post","type-post","status-publish","format-standard","hentry","category-o-wszystkim-i-o-niczym"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=\/wp\/v2\/posts\/475","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=475"}],"version-history":[{"count":1,"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=\/wp\/v2\/posts\/475\/revisions"}],"predecessor-version":[{"id":476,"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=\/wp\/v2\/posts\/475\/revisions\/476"}],"wp:attachment":[{"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=475"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=475"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.pi3.com.pl\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=475"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}