| (1) typedef struct my_struct |
| (2) int field1; |
| (3) char⋆ pMessage; |
| (4) struct my_struct ⋆ pNext; |
| (5) } MY_STRUCT; |
| (6) typedef struct data_field |
| (7) int field; |
| (8) char⋆ message; |
| (9) } DATA_FIELD; |
| (10) void vulnerable_function(MY_STRUCT ⋆ structArray) |
| (11) MY_STRUCT ⋆ pStruct = structArray; |
| (12) char buff[128]; |
| (13) read(0,buf,256); // you can overflow pStruct here |
| (14) MY_STRUCT ⋆ pItem = NULL; |
| (15) for (pItem = pStruct; pItem != NULL; pItem = pItem->pNext) |
| (16) printf(The message of %dth item is:%sn, |
| (17) pItem->field1, pItem->pMessage); |
| (18) int _tmain(int argc, _TCHAR⋆ argv[]) |
| (19) MY_STRUCT structArray[3]; |
| (20) DATA_FIELD dataArray[3] = 1, Im struct1, |
| (21) 2, Im struct2, 3, Im struct3; |
| (22) for (i = 0; i < 3; i++) |
| (23) structArray[i].field1 = dataArray[i].field; |
| (24) structArray[i].pMessage = dataArray[i].message; |
| (25) if (i!=2) |
| (26) structArray[i].pNext = &structArray[i + 1]; |
| (27) else |
| (28) structArray[i].pNext = NULL;} |
| (29) vulnerable_function(structArray); |
| (30) return 0;} |
