// Virtual accessor: yields the `value` data member of the object it is called on.
virtual int access()
{
  return value;
}
// Virtual accessor: hands back this object's `value` data member.
virtual int access()
{
  return value;
}
23 struct C
: public A
, public B
{
// Default constructor: sets better_value to 789.
C()
  : better_value(789)
{
}
// Virtual accessor: yields this object's `better_value` data member.
virtual int access()
{
  return better_value;
}
// Default constructor: sets other_value to 987.
D()
  : other_value(987)
{
}
// Virtual accessor: yields this object's `other_value` data member.
virtual int access()
{
  return other_value;
}
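/* Number of SIGSEGV deliveries observed so far; the checks in this file expect
   it to be 1 after the first faulting store and 2 after the second.
   NOTE(review): the increment itself is not visible in this listing; it is
   presumably done by the SIGSEGV handler, which is why the type is
   sig_atomic_t -- the integer type a handler may portably write.  */
static volatile sig_atomic_t signal_count = 0;

/* Jump target saved by sigsetjmp() before each faulting store and resumed by
   siglongjmp() from the handler.  */
sigjmp_buf before_segv;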
39 handler(int sig
, siginfo_t
*si
, void *unused
)
42 printf("Got SIGSEGV at address: 0x%lx\n",
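47 /* Leaving a signal handler via siglongjmp is normally discouraged; it works in this test case because the
48 fault comes from the test's own store, and it simplifies the test. sigsetjmp(..., 1) saved the signal mask, so siglongjmp restores it. */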
49 siglongjmp(before_segv
, 1);
/* Vtable-map variable generated for this object file; the mangled name
   demangles to _VTV<B>::__vtable_map.  It is declared here only so the test
   can attempt a direct store to it.  */
extern void* _ZN4_VTVI1BE12__vtable_mapE;

/* Vtable-map variable generated by libstdc++; the mangled name demangles to
   _VTV<std::ios_base>::__vtable_map.  */
extern void* _ZN4_VTVISt8ios_baseE12__vtable_mapE;
63 ret
= sigsetjmp(before_segv
, 1);
66 /* This should generate a segmentation violation, i.e. at this point the variable should be protected */
68 _ZN4_VTVI1BE12__vtable_mapE
= 0;
70 assert(ret
== 1 && signal_count
== 1);
72 ret
= sigsetjmp(before_segv
, 1);
75 /* Try to modify one of the vtable_map variables in the stdc++ library.
76 This should generate a segmentation violation. ie: at this point it
77 should be protected */
78 _ZN4_VTVISt8ios_baseE12__vtable_mapE
= 0;
80 assert(ret
== 1 && signal_count
== 2);
85 void myread(std::istream
* in
)
87 char input_str
[50] = "\0";
90 std::cout
<< input_str
<< std::endl
;
96 ifstream
* infile
= new ifstream("./thunk_vtable_map_attack.cpp");
99 /* Set up handler for SIGSEGV. */
101 sa
.sa_flags
= SA_SIGINFO
;
102 sigemptyset(&sa
.sa_mask
);
103 sa
.sa_sigaction
= handler
;
104 if (sigaction(SIGSEGV
, &sa
, NULL
) == -1)
108 assert(use(&c
) == 789);