Page History

The C+\+ Standard [ISO/IEC 14882-2003|AA. C++ References#ISO/IEC 14882-2003] "One definition rule" (Section 3.2, "One definition rule," says, in) says: "No translation unit shall contain more than one definition of any variable, function, class type, enumeration type or template."  Moreover, paragraph 3 says: "Every program shall contain exactly one definition of every non-inline function or object that is used in that program; no diagnostic required."  Although it is possible to check that the ODR is complied with (see \[[Quinlan 06|AA. C++ References#Quinlan 06]\]), compilers do not, at present, as of October 2006 we are not aware of any compilers that enforce the rule or even issue a diagnostic.  As the paper by Quinlan et al. shows, failing to enforce the ODR enables a virtual function pointer attack, known as the VPTR exploit.  This is where an object's virtual function table is corrupted so that calling a virtual function on the object results in malicious code being executed.  See the paper by Quinlan et al. for more details.