Information in this Chapter
Uninitialized/Nonvalidated/Corrupted Pointer Dereference
Memory Corruption Vulnerabilities
Logic Bugs (a.k.a. the Bug Grab Bag)
Software has bugs. A bug is a malfunction in a program that makes the program produce incorrect results, behave in an undesired way, or simply crash/terminate unexpectedly. In most cases, bugs are the result of programming errors, as is the case in the following snippet of code taken from the 2.6.9 version of the Linux Kernel:
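static int bluez_sock_create(struct socket *sock, int proto)
{
        /* proto is a signed int; only its upper bound is tested here */
        if (proto >= BLUEZ_MAX_PROTO)
                return -EINVAL;

        /* proto is then used as an index into the bluez_proto table */
        return bluez_proto[proto]->create(sock, proto);
}
...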
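An added example, not taken from the book or the kernel source: a user-space model of the table lookup in the snippet above, showing that an upper-bound-only test on a signed int lets negative values through, beside a lookup that checks both bounds and empty slots. MAX_PROTO, proto_table, weak_check_passes and checked_create are hypothetical names, and the table contents are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_PROTO 8   /* constructed size, stands in for BLUEZ_MAX_PROTO */

struct proto_ops {
    int (*create)(int proto);
};

static int l2cap_create(int proto) { (void)proto; return 0; }
static struct proto_ops l2cap_ops = { l2cap_create };

/* Only slot 0 is registered; every other slot is NULL. */
static struct proto_ops *proto_table[MAX_PROTO] = { &l2cap_ops };

/* The snippet's test in isolation: 1 if the value would reach the lookup. */
int weak_check_passes(int proto)
{
    if (proto >= MAX_PROTO)
        return 0;
    return 1;   /* negative values are never rejected */
}

/* Hardened dispatch: reject both ends of the range and empty slots. */
int checked_create(int proto)
{
    if (proto < 0 || proto >= MAX_PROTO)
        return -EINVAL;
    if (proto_table[proto] == NULL || proto_table[proto]->create == NULL)
        return -EPROTONOSUPPORT;
    return proto_table[proto]->create(proto);
}

int main(void)
{
    int samples[] = { 0, 3, MAX_PROTO, -1, -100000 };   /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("proto=%7d weak_check_passes=%d checked_create=%d\n",
               samples[i], weak_check_passes(samples[i]),
               checked_create(samples[i]));
    return 0;
}
```

Declaring the index as an unsigned type gives the same result as the explicit `proto < 0` test, because a negative argument then converts to a value above MAX_PROTO.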