HexVASAN: A Variadic Function Sanitizer10/04/2017 Objective: Inspiration Variadic functions introduce an implicitly defined contract between the caller and callee. Failing to enforce the contract correctly leads to a vulnerability. Current tools do not find variadic function type errors or prevent attackers from exploiting calls to variadic functions. Unfortunately, variadic functions are prevalent. Here, I propose a new sanitizer to address this attack vector. Speaker(s)
|