
Other code pointers

Code pointers other than the return address can also be overwritten, such as a function pointer variable [5], a pointer to a shared library function in the global offset table [21], the table of pointers to destructor functions [15], or a C++ virtual function pointer [16]. Exploits that alter those code pointers and not the return address can bypass StackGuard, StackShield and Libsafe.
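The function pointer case can be shown in a few lines of C. This is an added illustration, not code from the paper; the `record` layout, the function names and the filler bytes are all constructed for the example. An out-of-bounds copy into a buffer changes the adjacent code pointer while the write stays inside the object, so a check placed next to the return address sees nothing; the bounds-checked copy leaves the pointer intact.

```c
#include <stddef.h>
#include <string.h>

/* Constructed record: a buffer followed by a code pointer in the same object. */
struct record {
    char name[16];
    void (*handler)(void);
};

static void greet(void) {}

/* Buggy copy (constructed): the bound is the record size, not the field size,
   so bytes past name[] land in handler. The write never leaves the record,
   so a canary next to the return address is not modified. */
static int set_name_unchecked(struct record *r, const void *src, size_t len) {
    if (len > sizeof *r) return -1;
    memcpy(r, src, len);               /* name is the first member */
    return 0;
}

/* Corrected copy: bound by the field itself, always NUL-terminated. */
static int set_name_checked(struct record *r, const void *src, size_t len) {
    if (len >= sizeof r->name) return -1;
    memcpy(r->name, src, len);
    r->name[len] = '\0';
    return 0;
}

/* Compare the stored pointer bytes with the expected handler without calling it. */
static int handler_intact(const struct record *r) {
    void (*expected)(void) = greet;
    return memcmp(&r->handler, &expected, sizeof expected) == 0;
}

/* Returns 1 if an oversized input changes handler through the given copy routine. */
static int overflow_changes_handler(int (*copy)(struct record *, const void *, size_t)) {
    struct record r = { "", greet };
    unsigned char input[sizeof r];
    memset(input, 0x41, sizeof input); /* constructed filler, not an address */
    copy(&r, input, sizeof input);
    return !handler_intact(&r);
}

int main(void) {
    /* Exit status 0 when the unchecked copy corrupts and the checked one does not. */
    return !(overflow_changes_handler(set_name_unchecked) == 1 &&
             overflow_changes_handler(set_name_checked) == 0);
}
```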