Figure 4-1. Simplified view of a stack frame
When an attacker gets the processor to run code of their choosing rather than the program's own code, you will see it referred to as arbitrary code execution. It means the attacker controls the program's flow of execution. Once the attacker can do that, they can potentially reach any resource the program's owner has permission to access, because the code runs with that owner's privileges.
Race Condition
No running program has exclusive access to the processor. While a program is running, the operating system is continually scheduling it onto and off the processor so that other programs' code can execute as well. Modern programs are also often multithreaded: they have multiple, simultaneous paths of execution. These threads share the same data space, so if two threads are both altering a particular variable and their operations get out of sequence, the program can misbehave.
Example 4-1 shows a small section of C code.
Example 4-1. Simple C function
#include <stdio.h>

int x;              /* shared global: every thread reads and writes the same x */

void update(int y)
{
    x = x + y;      /* read x, add y, write x back: three steps, with no lock */
    if (x == 100)
    {
        printf("we are at the value");
    }
}
Let's say we have two threads simultaneously running that function. The variable x is being incremented by two separate threads, each adding its own value. A race condition is what happens when two separate execution paths access the same data at the same time. The statement x = x + y is not a single operation: the thread reads x, adds y, and writes the result back. If access to x isn't protected by a lock, the other thread can write to x between that read and that write, so one update is lost, or the comparison with 100 sees a value neither thread expected and the message is never printed. It all depends on timing.
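To make the timing dependence concrete, here is an added example (it is not code from the book) that runs the update() pattern from Example 4-1 on four POSIX threads, once without any locking and once with the whole read-check-write sequence inside a pthread mutex, and reports the final value of x and how many times the x == 100 branch fired. The thread count, iteration count and helper names are my own choices; the declaration of x as volatile is only there to keep the compiler from hoisting the loads and stores out of the loop so the race is visible, and is not itself a fix.

```c
/* Added example: Example 4-1's racy update() driven by real threads,
 * next to a mutex-protected version of the same logic. */
#include <pthread.h>
#include <stdio.h>

#define NTHREADS 4
#define ITERS    100000              /* increments per thread (my choice) */

static volatile int x;              /* shared counter, as in Example 4-1 */
static int hits;                    /* times the x == 100 branch was taken */
static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;

/* Same shape as the book's update(): unsynchronized read-modify-write. */
static void update_racy(int y)
{
    x = x + y;                      /* load, add, store: another thread can
                                       write x between the load and the store */
    if (x == 100)
        hits++;
}

/* Same logic, but read, compare and write form one critical section. */
static void update_locked(int y)
{
    pthread_mutex_lock(&lock);
    x = x + y;
    if (x == 100)
        hits++;
    pthread_mutex_unlock(&lock);
}

struct result {
    int final_x;                    /* value of x after all threads joined */
    int hits;                       /* how often x was observed to equal 100 */
};

static void *racy_worker(void *arg)
{
    (void)arg;
    for (int i = 0; i < ITERS; i++)
        update_racy(1);
    return NULL;
}

static void *locked_worker(void *arg)
{
    (void)arg;
    for (int i = 0; i < ITERS; i++)
        update_locked(1);
    return NULL;
}

/* Reset the shared state, run NTHREADS copies of worker, collect the outcome. */
static struct result run(void *(*worker)(void *))
{
    pthread_t tid[NTHREADS];
    struct result r;

    x = 0;
    hits = 0;
    for (int i = 0; i < NTHREADS; i++)
        pthread_create(&tid[i], NULL, worker, NULL);
    for (int i = 0; i < NTHREADS; i++)
        pthread_join(tid[i], NULL);

    r.final_x = x;
    r.hits = hits;
    return r;
}

int main(void)
{
    struct result racy = run(racy_worker);
    struct result locked = run(locked_worker);

    printf("racy:   x = %d (expected %d), hits = %d\n",
           racy.final_x, NTHREADS * ITERS, racy.hits);
    printf("locked: x = %d (expected %d), hits = %d\n",
           locked.final_x, NTHREADS * ITERS, locked.hits);
    return 0;
}
```

With the mutex, x passes through every value from 1 to NTHREADS * ITERS exactly once, so the final value is exact and the 100 check fires exactly once. Without it, the final value is typically short of the expected total because overlapping read-modify-write sequences lose updates, and the 100 check may fire zero times (x jumps past 100 between one thread's write and another's compare) or more than once; what you get differs from run to run, which is the point.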
If the correct flow of a program requires specific timing, there is a chance of a race
condition. Variables may be altered before a critical read that can control functional‐