...
```c
#include <stdio.h>

/* Legacy function defined elsewhere - cannot be modified */
void audit_log(char *errstr) {
  fprintf(stderr, "Error: %s.\n", errstr);
}
/* ... */
char const INVFNAME[] = "Invalid file name.";
audit_log((char *)INVFNAME); /* EXP05-EX1 */
/* ... */
```
Risk Assessment
If the object is constant, the compiler may allocate storage in ROM or write-protected memory. Trying to modify such an object may lead to a program crash. This could allow an attacker to mount a denial-of-service attack.
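The `audit_log` cast above is harmless only because that function never writes through its argument. The following added example (not part of the original page) shows the alternative when a legacy function does write: copy the constant object into writable storage and pass the copy, with no cast. `legacy_rstrip` and `rstrip_copy` are hypothetical names, and the sample string is reused from the code above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical legacy function (cannot be modified): strips trailing
 * spaces and dots in place, so it writes through its argument. */
void legacy_rstrip(char *s) {
  size_t n = strlen(s);
  while (n > 0 && (s[n - 1] == ' ' || s[n - 1] == '.')) {
    s[--n] = '\0';
  }
}

/* Const-correct wrapper: copies src into the caller's writable buffer
 * and lets the legacy function modify only the copy.
 * Returns 0 on success, -1 if an argument is NULL or dst is too small. */
int rstrip_copy(const char *src, char *dst, size_t dstsz) {
  size_t len;
  if (src == NULL || dst == NULL) {
    return -1;
  }
  len = strlen(src);
  if (len >= dstsz) { /* need room for the terminating NUL */
    return -1;
  }
  memcpy(dst, src, len + 1);
  legacy_rstrip(dst); /* writes to dst, never to src */
  return 0;
}

/* Constant object; the compiler may place it in read-only storage. */
static char const INVFNAME[] = "Invalid file name.";

int main(void) {
  char buf[64];
  if (rstrip_copy(INVFNAME, buf, sizeof buf) != 0) {
    return 1;
  }
  puts(buf);
  return 0;
}
```

Calling `legacy_rstrip((char *)INVFNAME)` instead would attempt to modify a const-qualified object, which is undefined behavior and is the crash scenario described above.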
...