Comment by CryZe
5 days ago
You can buffer overflow in fil-c and it won't detect it unless the entire buffer was its own stack or heap allocation with nothing following it (and also it needs to be a multiple of 16 bytes, cause that's padding that fil-c allows you to overflow into). So it arguably isn't much different from wasm.
Quick example:
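    #include <stddef.h>
    #include <stdio.h>

    typedef struct Foo {
        int buf[2];
        float some_float;
    } Foo;

    int main(void) {
        Foo foo = {0};
        // i == 2 is one element past the end of buf and lands on some_float
        for (size_t i = 0; i < 3; ++i) {
            foo.buf[i] = 0x3f000000; // bit pattern of 0.5f
            printf("foo.buf[%zu]: %d\n", i, foo.buf[i]);
        }
        printf("foo.some_float: %f\n", foo.some_float);
    }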
This overflows into the float, not causing any panics, printing 0.5 for the float.
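An added example, not part of the comment above and not Fil-C's code: it models the check granularity the comment describes (bounds enforced on the whole allocation, rounded up to 16 bytes) for each index into `foo.buf`, next to a field-level check the program performs itself. `GRANULE`, `classify_buf_write`, `foo_buf_set` and `bits_to_float` are hypothetical names, and the layout assumes 4-byte `int` and `float`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct Foo { int buf[2]; float some_float; } Foo;

/* Assumption: granule size taken from the comment's "multiple of 16 bytes". */
#define GRANULE 16u

enum verdict { IN_FIELD, INTRA_OBJECT, IN_PADDING, CAUGHT };

/* Model only (not Fil-C code): where does a write to foo.buf[i] land when
   bounds are enforced at the allocation size rounded up to GRANULE? */
enum verdict classify_buf_write(size_t i)
{
    size_t elem = sizeof(int);
    size_t count = sizeof(((Foo *)0)->buf) / elem;
    size_t rounded = (sizeof(Foo) + GRANULE - 1) / GRANULE * GRANULE;
    if (i >= rounded / elem) return CAUGHT;           /* past the granule */
    if (i < count) return IN_FIELD;
    size_t end = offsetof(Foo, buf) + (i + 1) * elem; /* i is small here */
    if (end <= sizeof(Foo)) return INTRA_OBJECT;      /* hits some_float */
    return IN_PADDING;                                /* rounding slack */
}

/* Field-level check done by the program: reject any index outside buf. */
int foo_buf_set(Foo *foo, size_t i, int value)
{
    if (i >= sizeof(foo->buf) / sizeof(foo->buf[0])) return -1;
    foo->buf[i] = value;
    return 0;
}

/* Reinterpret an int's bits as a float without violating aliasing rules. */
float bits_to_float(int bits)
{
    float f;
    memcpy(&f, &bits, sizeof f);
    return f;
}

int main(void)
{
    static const char *names[] = { "in field", "intra-object, not flagged",
                                   "in padding, not flagged", "caught" };
    Foo foo = {0};
    for (size_t i = 0; i < 5; ++i)
        printf("buf[%zu]: model=%s, checked setter=%d\n", i,
               names[classify_buf_write(i)], foo_buf_set(&foo, i, 0x3f000000));
    printf("some_float=%f, 0x3f000000 as float=%f\n",
           foo.some_float, bits_to_float(0x3f000000));
    return 0;
}
```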