C++ - Defending against stack overflow by user scripts




C++ has limited stack space but no way for functions to check whether there's enough space left for them to run. I don't know what to do about this when writing script bindings.

For example:

    class container : widget {
        void addchild(widgetptr child) { ... }
        void draw(canvas& canvas) {
            // draw() recurses once per level of nesting
            for (auto kid : m_children) {
                kid->draw(canvas);
            }
        }
    };

A malicious script can crash the program:

    var a = new container()
    var root = a  // keep the outermost container so draw() walks the whole chain
    for (i = 0; i < 10000000; i++) {
        var b = new container()
        a.addchild(b)
        a = b
    }
    root.draw() // 10000000 nested calls ---> stack overflow

There's also a callback problem:

    void dosomething(std::function<void()> callback) {
        callback();
    }

If it is wrapped using this:

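    scriptvalue dosomething_wrapper(scriptargs args) {
        // every call from script re-enters native code here
        dosomething([&]() { args[0].callasfunction(); });
        return scriptvalue(); // assumed: a default-constructed value means "no result"
    }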

it can be crashed using:

    function badcallback() { dosomething(badcallback) }
    dosomething(badcallback)

    ...
    dosomething_wrapper
    dosomething
    scriptvalue::callasfunction
    ...
    dosomething_wrapper
    dosomething
    scriptvalue::callasfunction
    ...
    boom!

What's the idiomatic way to defend against this with the least inconvenience?

What do browsers written in C++ (Firefox, Chrome) do?

What can I do to not introduce such a vulnerability by accident?

While a "malicious" script can cause a stack overflow like you describe, it can't harm the program more than by causing crashes that way (at least on a modern OS where the stack limit is checked, and hence it's safe against overwrites of other important data).

If it's critical that the program is running all the time, a process has to monitor it (and restart it if necessary; not just because of stack overflows, there are many more potential problems). Other than that, there isn't much one can do if the OS stack is used. Dynamically allocating a big memory block with a single pointer in the stack, and doing the whole memory management manually in this block, is possible, but maybe impractical.

About e.g. Firefox: at least parts of the program are using their own memory management (but I'm not sure if that's relevant for plugins, scripts etc.). Additionally, there is a separate process plugin-container.exe (at least on Windows), and killing it won't kill Firefox (only the plugin part like Flash etc. won't work anymore, and the user gets a message about the plugin crashing).

c++ security scripting stack-overflow
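One way to bound the nesting in both cases from the question, as an added example that is not from the original post or from any real binding library: an RAII depth counter checked on every re-entrant native frame, so runaway nesting becomes a catchable error instead of a crash. All names (depth_guard, k_max_depth, script_error, node) and the limit of 200 are assumptions.

```cpp
#include <cstddef>
#include <functional>
#include <memory>
#include <stdexcept>
#include <vector>

// Hypothetical names throughout; not from the page or any real binding library.
struct script_error : std::runtime_error { using std::runtime_error::runtime_error; };

constexpr std::size_t k_max_depth = 200;  // assumed budget: tune to frame size vs. stack size
thread_local std::size_t g_depth = 0;     // native frames currently entered on this thread

// RAII guard: refuses to enter one more native frame once the budget is spent.
struct depth_guard {
    depth_guard() {
        if (g_depth >= k_max_depth) throw script_error("native call nesting too deep");
        ++g_depth;  // only counted if the constructor succeeds
    }
    ~depth_guard() { --g_depth; }  // runs during unwinding, so the count resets after an error
};

// Stand-in for the page's container: draw() recurses once per nesting level.
struct node {
    std::vector<std::shared_ptr<node>> children;
    void draw() {
        depth_guard guard;
        for (auto& kid : children) kid->draw();
    }
};

// Stand-in for dosomething_wrapper: guard at the script-to-native boundary.
void do_something(const std::function<void()>& callback) {
    depth_guard guard;
    callback();
}

// Returns true if a chain of `levels` nested containers could be drawn.
bool draw_chain(std::size_t levels) {
    auto root = std::make_shared<node>();
    for (auto cur = root; levels > 0; --levels) {
        cur->children.push_back(std::make_shared<node>());
        cur = cur->children.back();
    }
    try { root->draw(); return true; } catch (const script_error&) { return false; }
}

// Returns true if the self-re-entering callback ran to completion.
bool run_bad_callback() {
    std::function<void()> bad = [&bad] { do_something(bad); };
    try { do_something(bad); return true; } catch (const script_error&) { return false; }
}
```

In a real embedding the binding layer would translate script_error into the script language's own exception at the boundary. The guard bounds draw() and callbacks only: destroying a very deep shared_ptr chain also recurses, so the nesting depth should be limited in addchild as well.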
