Tales of the Unknown
FelineMenace.org
If you have read even a handful of man pages, you will know all too well that many functions can exhibit "undefined behavior". This article attempts to define what exactly "undefined behavior" means when dealing with uninitialized variables, and gives examples of how it could be abused by attackers to control the execution flow of an application.
All the examples have been tested and found working on Ubuntu Linux [1]. It is hoped that the reader will build on the information provided and look for similar conditions in glibc functions, kernel code, and threaded applications [2].
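As an added illustration of the underlying problem (this is not code from the article), the following C program shows an access check whose result variable is assigned on only one path. For any user other than "admin" the function returns whatever its stack slot happened to contain, so the caller's decision rests on stale data rather than on the check. The hardened form beside it initialises the variable to the deny value so every path is defined. The function names `check_weak`, `check_fixed` and `prime_stack`, and the user names, are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Weak form: 'allowed' is only assigned when the user is "admin".
 * For every other user the return value is indeterminate (undefined
 * behaviour): it is whatever the stack slot held before the call. */
int check_weak(const char *user)
{
    int allowed;                       /* never initialised */
    if (strcmp(user, "admin") == 0)
        allowed = 1;
    return allowed;                    /* garbage for non-admin users */
}

/* Hardened form: initialise to the deny value so the result is defined
 * on every path (fail closed). */
int check_fixed(const char *user)
{
    int allowed = 0;
    if (strcmp(user, "admin") == 0)
        allowed = 1;
    return allowed;
}

/* Leaves a non-zero value in a stack slot that a later call with a
 * similar frame layout may pick up in its own uninitialised local.
 * Whether that happens depends on the compiler and optimisation level;
 * the point is that the value is not under the program's control. */
static void prime_stack(void)
{
    volatile int junk = 1;
    (void)junk;
}

int main(void)
{
    prime_stack();
    /* The first result is indeterminate and may differ between builds. */
    printf("weak : guest -> %d (indeterminate)\n", check_weak("guest"));
    printf("fixed: guest -> %d\n", check_fixed("guest"));
    printf("fixed: admin -> %d\n", check_fixed("admin"));
    return 0;
}
```

Compiling with `gcc -Wall -Wuninitialized` reports the read in `check_weak`, and running a build made with `clang -fsanitize=memory` (or under `valgrind`) flags the use of the uninitialised value at run time; neither catches every case, which is why the initialised form is the one to ship.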