CWE-587: Assignment of a Fixed Address to a Pointer
Description
The product sets a pointer to a specific address other than NULL or 0.
Submission Date: Dec. 15, 2006, midnight
Modification Date: 2023-06-29 00:00:00+00:00
Organization: MITRE
Extended Description
Using a fixed address is not portable, because that address will probably not be valid in all environments or platforms.
Example - 1
This code assumes a particular function will always be found at a particular address. It assigns a pointer to that address and calls the function.
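// Here we can inject code to execute.
// The fixed address is cast explicitly so the assignment compiles; the weakness is unchanged.
int (*pt2Function) (float, char, char) = (int (*)(float, char, char))0x08040000;
int result2 = (*pt2Function) (12, 'a', 'b');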
The same function may not always be found at the same memory address. This could lead to a crash, or an attacker may alter the memory at the expected address, leading to arbitrary code execution.
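The fixed-address pattern beside a corrected form, as an added example that is not part of the CWE entry: the pointer comes from a symbol reference the linker and loader resolve, and it is checked before use. The names `combine`, `handlers`, `resolve_handler` and `call_handler` are hypothetical.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef int (*handler_fn)(float, char, char);

/* Constructed stand-in for the function the example above expects at 0x08040000. */
static int combine(float f, char a, char b) {
    return (int)f + (a == 'a') + (b == 'b');
}

/* Weak pattern (CWE-587): the address is a build-time constant. It is only
 * printed below, never called, because nothing guarantees code lives there. */
static handler_fn fixed_address_pointer(void) {
    return (handler_fn)(uintptr_t)0x08040000u;
}

/* Corrected pattern: the table holds symbol references, so the linker and
 * loader supply the real address on every platform and under ASLR. */
static const struct { const char *name; handler_fn fn; } handlers[] = {
    { "combine", combine },
};

handler_fn resolve_handler(const char *name) {
    for (size_t i = 0; i < sizeof handlers / sizeof handlers[0]; i++)
        if (strcmp(handlers[i].name, name) == 0)
            return handlers[i].fn;
    return NULL; /* unknown name: the caller must not call through this */
}

/* Returns 0 and stores the result on success, -1 if the name is unknown. */
int call_handler(const char *name, float f, char a, char b, int *result) {
    handler_fn fn = resolve_handler(name);
    if (fn == NULL)
        return -1;
    *result = fn(f, a, b);
    return 0;
}

int main(void) {
    int r = 0;
    printf("fixed: %#" PRIxPTR ", resolved: %#" PRIxPTR "\n",
           (uintptr_t)fixed_address_pointer(), (uintptr_t)resolve_handler("combine"));
    if (call_handler("combine", 12, 'a', 'b', &r) == 0)
        printf("result = %d\n", r);
    return call_handler("missing", 12, 'a', 'b', &r) == -1 ? 0 : 1;
}
```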
Related Weaknesses
This table shows the weaknesses and high-level categories that are related to this weakness. These relationships are defined to give insight into similar items that may exist at higher and lower levels of abstraction.
Visit http://cwe.mitre.org/ for more details.