// Compile with /home/llozano/local2/proj/vtable/gcc-root/usr/local/bin/g++ -m32 -fvtable-verify=std -fpic -rdynamic -Wl,-R,/home/llozano/local2/proj/vtable/gcc-root/usr/local/lib32:./lib32 -I/home/llozano/local2/proj/vtable/vt2/gcc-4_6-mobile-vtable-security//libstdc++-v3/libsupc++ temp_deriv.cc -O0 -ldl -lpthread -Wl,--whole-archive,-lvtv_init,--no-whole-archive,-z,relro -DTPID=0 -g
// Look at assembly with: objdump -drl a.out
// Hand-written C-linkage prototype for printf, used by the report lines below.
extern "C" int printf(const char *, ...);

// Shared tally that every inc() override adds to. The asserts further down
// compare it with the amount the intended override would have added, which is
// how the test tells which inc() actually ran.
static int counter = 0;
// Base-class behaviour: add this object's i to the shared counter once.
virtual void inc()
{
  counter = counter + i;
}
// Subclass of base whose inc() adds ten times i. The factor makes a call that
// lands here instead of in base::inc visible in the counter.
struct derived : public base
{
  virtual void inc()
  {
    counter = counter + 10 * i;
  }
};
// Never instantiated. Its only job is to give derived a further subclass, so
// the compiler cannot prove that a call to derived::inc() has a single target
// and turn the virtual call into a direct one.
struct derived2 : public derived
{
  virtual void inc()
  {
    counter = counter + 20 * i;
  }
};
// File-scope instances created during static initialisation: a base, a
// derived, and a derived that is only reachable through a base pointer.
static base * bp = new base();
static derived * dp = new derived();
static base * dbp = new derived();
// Returns the first vtptr-sized word of the object at object_ptr.
// The test treats that word as the object's vtable pointer. That assumes the
// vtable pointer is the first member of the object layout, which is the usual
// layout for single-inheritance polymorphic classes like the ones in this file.
// object_ptr must point to a live object; it is not checked.
vtptr get_vtptr(void * object_ptr)
{
  return *static_cast<vtptr *>(object_ptr);
}
// Overwrites the first vtptr-sized word of the object at object_ptr with vtp.
// This is the deliberate corruption step of the test: it stands in for a memory
// write that has replaced an object's vtable pointer. No check is made that vtp
// is a vtable belonging to the object's class.
void set_vptr(void * object_ptr, vtptr vtp)
{
  *static_cast<vtptr *>(object_ptr) = vtp;
}
// Swaps the vtable pointers of two polymorphic (non-POD) C++ objects.
// Both pointers are read before either object is written, so passing the same
// object twice leaves it unchanged.
void exchange_vtptr(void * object1_ptr, void * object2_ptr)
{
  const vtptr first = get_vtptr(object1_ptr);
  const vtptr second = get_vtptr(object2_ptr);

  set_vptr(object1_ptr, second);
  set_vptr(object2_ptr, first);
}
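// Holder for the three objects under test. malloc() can return a null pointer,
// so stop here rather than fault on the first member store below.
struct my_struct *my_obj = (struct my_struct *) malloc (sizeof (struct my_struct));
assert(my_obj != 0);

my_obj->bp = new base();
my_obj->dp = new derived ();
my_obj->dbp = new derived ();

// NOTE(review): the statements between the allocations above and this assert
// are not shown in this listing. Presumably they set i from TPID on each object
// and call inc() once per object; the expected value below matches one
// base::inc plus two derived::inc under that assumption.
assert(counter == (TPID + 10*TPID + 10*TPID));

prev_counter = counter;

// NOTE(review): %x expects an unsigned int. That matches vtptr only if vtptr is
// int-sized, as it would be in the -m32 build from the header comment. Confirm
// against the vtptr typedef, which is not shown here.
printf("before ex bp vptr=%x dp vptr=%x\n", get_vtptr(my_obj->bp), get_vtptr(my_obj->dp));

// Simulated corruption: the base object now carries derived's vtable pointer,
// and the derived object carries base's.
exchange_vtptr(my_obj->bp, my_obj->dp);
printf("after ex bp vptr=%x dp vptr=%x\n", get_vtptr(my_obj->bp), get_vtptr(my_obj->dp));

// First case: a call through my_obj->bp on an object holding derived's vtable.
// Verification is expected to let this through, because derived's vtable is a
// permitted target for a call made through a base pointer. The call therefore
// does not abort, but it dispatches to derived::inc rather than base::inc.
// This is the granularity limit of the check: it constrains the vtable pointer
// to the set valid for the pointer's declared class, not to the object's real
// type.
my_obj->bp->inc();

// NOTE(review): with -DTPID=0, as in the compile line at the top of the file,
// both sides are equal whichever inc() ran. The assert only discriminates for a
// non-zero TPID (assuming i is set from TPID on the lines not shown).
assert(counter == (prev_counter + 10*TPID));
printf("Pass first attack! Expected!\n");
printf("TPDI=%d counter %d\n", TPID, counter);

// NOTE(review): the statement that triggers the second case is not shown in
// this listing. Presumably it is a virtual call through my_obj->dp, whose
// object now carries base's vtable pointer. That pointer is not valid for a
// derived pointer, so vtable verification should stop the program before the
// next line.
// Reaching the lines below means the protection did not fire. If nothing after
// them makes the process exit non-zero, a harness that only checks the exit
// status would miss the failure. Confirm against the rest of the file.
printf("Pass second attack! SHOULD NOT BE HERE!\n");
printf("TPDI=%d counter %d\n", TPID, counter);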