Versions Compared

Comment: Improved the RA section

...

Page properties (hidden)

I am uncertain whether it would be interesting or not, but another NCCE/CS pair that is specific to Microsoft Visual Studio would be the generic text mappings used by a lot of Win32 APIs (and Windows code in general). The IDE gives you a flag that you can toggle that specifies whether _UNICODE or _MBCS are defined, and this flag can be translation unit specific. Consequently, it's possible (via compiler flags that aren't as in-your-face as code) to introduce two definitions of APIs involving TCHAR members in different translation units:

Code Block
#include <tchar.h>  // TCHAR is wchar_t when _UNICODE is defined, char otherwise

struct S {
  TCHAR Buffer[1024];  // sizeof(S) differs between a _UNICODE and an _MBCS/ANSI translation unit
};

I hesitate to add this as an NCCE/CS pair because it's so implementation-specific and I think the point is already made with other examples in this rule. However, this is one of those scenarios that can bite Win32 programmers if they're not observant, and the flag is relatively hidden.
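A build-side check for the situation described in this comment, added here as an example that is neither the CERT page's code nor the commenter's: it reads compile_commands.json-style entries (a constructed sample with hypothetical paths) and reports translation units whose _UNICODE/_MBCS settings disagree, since those are exactly the units in which a header-defined struct with a TCHAR member takes two different layouts. The function names and the sample entries are assumptions.

```python
"""Added example (not from the CERT page or the comment's author): scan
compile_commands.json-style entries and flag translation units whose Win32
character-set macros (_UNICODE / _MBCS) disagree.  A struct with a TCHAR
member defined in a shared header then has two layouts across those units,
an ODR violation that no single compilation step reports."""
import json
import shlex
from collections import defaultdict

# Constructed sample in compile_commands.json form; paths are hypothetical.
SAMPLE_COMPILE_COMMANDS = json.dumps([
    {"directory": "C:/proj", "file": "C:/proj/a.cpp",
     "command": "cl.exe /nologo /D_UNICODE /DUNICODE /c C:/proj/a.cpp"},
    {"directory": "C:/proj", "file": "C:/proj/b.cpp",
     "command": "cl.exe /nologo /D_MBCS /c C:/proj/b.cpp"},
    {"directory": "C:/proj", "file": "C:/proj/c.cpp",
     "command": "cl.exe /nologo /c C:/proj/c.cpp"},
])

CHARSET_MACROS = ("_UNICODE", "_MBCS")


def tokens_of(entry):
    """Entries carry either an "arguments" list or one "command" string;
    normalise both to a token list (posix=False keeps Windows paths intact)."""
    if "arguments" in entry:
        return list(entry["arguments"])
    return shlex.split(entry["command"], posix=False)


def defined_macros(tokens):
    """Macro names defined with /D or -D, joined ("/DFOO=1") or separated ("-D FOO")."""
    defined = set()
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok[:2] in ("/D", "-D"):
            name = tok[2:]
            if not name and i + 1 < len(tokens):  # "-D NAME" with a space
                i += 1
                name = tokens[i]
            defined.add(name.split("=", 1)[0])    # drop any "=value"
        i += 1
    # A stray linker-style "/DEBUG" would register as macro "EBUG"; that is
    # harmless here because only the two character-set macros are consulted.
    return defined


def charset_of(tokens):
    """Effective TCHAR mapping for one translation unit."""
    present = [m for m in CHARSET_MACROS if m in defined_macros(tokens)]
    if len(present) > 1:
        return "conflict"  # both defined at once: worth a human look
    return present[0] if present else "ANSI"  # neither defined: TCHAR is char


def find_charset_mismatches(compile_commands_json):
    """Group translation units by character set.  Returns {} when the whole
    build agrees, otherwise {charset: [files]} so the odd units stand out."""
    groups = defaultdict(list)
    for entry in json.loads(compile_commands_json):
        groups[charset_of(tokens_of(entry))].append(entry["file"])
    if len(groups) <= 1:
        return {}
    return {cs: sorted(files) for cs, files in groups.items()}


if __name__ == "__main__":
    for charset, files in find_charset_mismatches(SAMPLE_COMPILE_COMMANDS).items():
        print(f"{charset:9s} {', '.join(files)}")
```

The report is a review list rather than proof of a violation: only units that actually include the header defining the TCHAR-bearing struct conflict with each other, so the next step is to check which of the listed files share that header and align their settings. Visual Studio's per-project Character Set property is what injects these /D macros, which is why the mismatch is visible in the command lines even though nothing in the source code changes.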

Risk Assessment

Violating the One Definition Rule results in undefined behavior, which can result in exploits as well as denial-of-service attacks. As the paper by Quinlan et al. shows [Quinlan 06], failing to enforce the ODR enables a virtual function pointer attack known as the VPTR exploit, in which an object's virtual function table is corrupted so that calling a virtual function on the object results in malicious code being executed. See the paper by Quinlan et al. for more details. However, note that the attacker must have access to the system building the code to introduce the malicious class.

...