Re: Parameter Overflow Attack?

From: Mark Gordon (spamtrap@flash-gordon.me.uk)
Date: 11/28/02 

Date: Thu, 28 Nov 2002 22:33:19 +0000
From: Mark Gordon <spamtrap@flash-gordon.me.uk>

On 28 Nov 2002 19:09:35 GMT
roberson@ibd.nrc.ca (Walter Roberson) wrote:

> In article <20021128164153.41e80c7b.spamtrap@flash-gordon.me.uk>,
> Mark Gordon <spamtrap@flash-gordon.me.uk> wrote:
> :Also, the normal C calling conventions are that the parameters are
> :pushed on to the stack in reverse order, followed by the return
> address:so the called routine would see everything correctly. The
> caller is then:normally responsible for removing the parameters from
> the stack.
>
> I do not think that you are correct that this is
> "the normal C calling convention".

I did not say normal, I said standard ;-)

> Real machines are much more
> complex, passing some items in registers, worrying about alignments,
> having to account for structs, possibly doing varargs differently.
> See for example this description of an ABI for SGI -N32 (MIPS cpus):
> http://techpubs.sgi.com/library/tpl/cgi-bin/getdoc.cgi?coll=0650&db=bks&fname=/SGI_Developer/books/Mpro_n32_ABI/sgi_html/ch02.html&srch=calling%20conventions.cc.umanitoba.ca>

<snip>

I knew that things were more complex within a module, especially when an
optimiser gets involved. However, I did not know (or ad forgotten) that
on some systems the frame pointer is used so parameters can be the other
way up. However, in my defence, I was using the term "standard C calling
conventions" because that was how I had previously seen it described.
The SGI ABI provides the same resiliance against too many parameters as
what I described as the standard C calling conventions. 

-- 
Mark Gordon
Still learning.

Relevant Pages

  • RE: Calling convention
    ... For calling conventions, cleaning stack means remove parameters info from ... I will explain cdecl, ... Microsoft Online Community Support ...
    (microsoft.public.dotnet.framework.interop)
  • Re: Calling convention
    ... For calling conventions, cleaning stack means remove parameters info from ... Microsoft Online Community Support ... nature are best handled working with a dedicated Microsoft Support Engineer ...
    (microsoft.public.dotnet.framework.interop)
  • Re: GCC front-end for FORTH?
    ... more or less the same as generating C from Forth and then compiling ... No, of course not, but Java's stack is local to the function, and Java ... and the particular calling conventions. ... I guess this question amounts to "is it possible to stop the back-end ...
    (comp.lang.forth)
  • Re: passing to C function less argument than required
    ... And the compiled binary has no problem running at all. ... be 7 argument in stack, ... I think this has to do with calling conventions. ... have an appropriate newsgroups line in your header for your mail to be seen, ...
    (comp.lang.c.moderated)
  • Re: Making C better (by borrowing from C++)
    ... This means that the called function cleans up the ... >> stack, i.e. adds to the stack before returning the space allocate ... different calling conventions automatically. ...
    (comp.lang.c)