Black Hat Amazon code question part 2
Thanks for the comments so far on the first day’s code question at Black Hat.
I’ll leave it a little while before posting the comments and answers, because it’ll give you a chance to think it through for yourself if you haven’t already done so.
Meanwhile, here’s the code example for day 2. What’s wrong with it?
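    // Return type, name, declarations and return statements are cut off on the page; those shown are assumed.
    wchar_t *make_buffer(wchar_t content, unsigned int repeat)
    {
        size_t size; wchar_t *buffer;
        if (repeat > 0x7fffffffe)
            return 0;
        size = ( repeat + 1 ) * sizeof content;
        buffer = (wchar_t *) malloc ( size );
        if ( buffer == 0 )
            return 0;
        wmemset(buffer, content, repeat);
        buffer[ repeat ] = 0;
        return buffer;
    }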
The language is C++, and as with the previous example, assume that everything that is not given above is perfect.
In case it is important, this was tested on an x86 system, although the flaw will also show up in x64. We were repeatedly asked that question.