Every so often, somebody "discovers" an alleged security vulnerability in the FormatMessage function. You can try it yourself:

#include <windows.h>
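#include <stdio.h>

/* Output buffer handed to FormatMessage: room for 2048 chars only. */
char buf[2048];

/* Insert string. File-scope storage starts zero-filled, so filling all but
   the last byte leaves a NUL-terminated run of 131071 'x' characters. */
char extralong[128*1024];

/*
 * Formats the message "%1" with a single insert that is far longer than the
 * output buffer, then prints what FormatMessage reported, so the outcome of
 * the oversized insert is visible instead of being discarded.
 *
 * argc/argv are unused.  Always returns 0, as the original listing did.
 */
int __cdecl main(int argc, char **argv)
{
    (void)argc;
    (void)argv;

    memset(extralong, 'x', sizeof extralong - 1);

    DWORD_PTR args[] = { (DWORD_PTR)extralong };

    /* The ANSI entry point is named explicitly because every string here is
       char-based; the generic FormatMessage name maps to the wide-character
       version in a UNICODE build.  The size argument is a character count,
       which for a char buffer equals sizeof buf. */
    unsigned long written = FormatMessageA(FORMAT_MESSAGE_FROM_STRING |
                                           FORMAT_MESSAGE_ARGUMENT_ARRAY,
                                           "%1", 0, 0,
                                           buf, sizeof buf, (va_list*)args);

    if (written == 0) {
        /* Zero is the failure return; buf must not be treated as holding a
           formatted message.  Capture the error code before any other call
           can overwrite it. */
        unsigned long err = GetLastError();
        printf("FormatMessage failed, GetLastError() = %lu\n", err);
    } else {
        printf("FormatMessage stored %lu characters (buffer holds %lu)\n",
               written, (unsigned long)sizeof buf);
    }

    return 0;
}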
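#include <windows.h>
#include <stdio.h>

/* Output buffer handed to FormatMessage: room for 2048 chars only. */
char buf[2048];

/* Insert string. File-scope storage starts zero-filled, so filling all but
   the last byte leaves a NUL-terminated run of 131071 'x' characters. */
char extralong[128*1024];

/*
 * Formats the message "%1" with a single insert that is far longer than the
 * output buffer, then prints what FormatMessage reported, so the outcome of
 * the oversized insert is visible instead of being discarded.
 *
 * argc/argv are unused.  Always returns 0, as the original listing did.
 */
int __cdecl main(int argc, char **argv)
{
    (void)argc;
    (void)argv;

    memset(extralong, 'x', sizeof extralong - 1);

    DWORD_PTR args[] = { (DWORD_PTR)extralong };

    /* The ANSI entry point is named explicitly because every string here is
       char-based; the generic FormatMessage name maps to the wide-character
       version in a UNICODE build.  The size argument is a character count,
       which for a char buffer equals sizeof buf. */
    unsigned long written = FormatMessageA(FORMAT_MESSAGE_FROM_STRING |
                                           FORMAT_MESSAGE_ARGUMENT_ARRAY,
                                           "%1", 0, 0,
                                           buf, sizeof buf, (va_list*)args);

    if (written == 0) {
        /* Zero is the failure return; buf must not be treated as holding a
           formatted message.  Capture the error code before any other call
           can overwrite it. */
        unsigned long err = GetLastError();
        printf("FormatMessage failed, GetLastError() = %lu\n", err);
    } else {
        printf("FormatMessage stored %lu characters (buffer holds %lu)\n",
               written, (unsigned long)sizeof buf);
    }

    return 0;
}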