Thank you very much,you help me a lot. At 2014-09-10 10:12:54, "Paul Marinescu" <[email protected]> wrote:
No, there is no such function. This paper http://security.ece.cmu.edu/aeg/aeg-current.pdf discusses the problem in detail. Paul On 10 Sep 2014, at 14:34, Jonathan Neuschäfer <[email protected]> wrote: On Wed, Sep 10, 2014 at 09:56:19AM +0800, 高凤娟 wrote: Hi, Is there any function that gives us the distance between the buffer and the return address?I'm trying to detect buffer overflow.In order to make sure the buffer overflow detected is a dangerous one,I want to know if the overflowed string overlap the return address.For example,//////////////////////////.....(other code)char a[2];char b[6];klee_make_symbolic(b)strcpy(a,b);////////////////////////I want to know the distance between a[1] and the return address.Sorry for my poor english...Anyone can help me? Many thanks in advance. ------------------------------- Richel Gao I am not very familiar with KLEE, but the distance of a stack variable to the return address depends on the compiler, the CPU architecture and maybe the operating system. Furthermore, today's compilers may use stack canaries[1] to make exploitation harder in case the return address is overwritten. If you've found a buffer overflow and want to know if it will be able to overwrite the return address you should probably disassemble the compiled program (or ask the compiler to give you the intermediate assembler code), and then check this yourself. A debugger may also help. If you've found a bunch of buffer overflows and are thinking about which of them you will fix, please fix all of them. Hope that helps, Jonathan Neuschäfer [1] https://en.wikipedia.org/wiki/Buffer_overflow_protection _______________________________________________ klee-dev mailing list [email protected] https://mailman.ic.ac.uk/mailman/listinfo/klee-dev
_______________________________________________ klee-dev mailing list [email protected] https://mailman.ic.ac.uk/mailman/listinfo/klee-dev
