How To Identify Buffer Underwrite Vulnerabilities
From Guidance Share
Jump to navigationJump to search
The following is an example of code that may result in a buffer underwrite, should find() returns a negative value to indicate that ch is not found in srcBuf:
int main() { ... strncpy(destBuf, &srcBuf[find(srcBuf, ch)], 1024); ... }
If the index to srcBuf is somehow under user control, this is an arbitrary write-what-where condition.