Expanded subject to expose nested datapin flaw

2026-04-03 23:52:21 +02:00 · 2026-04-03 23:52:21 +02:00 · 1c11b8a5e9
commit 1c11b8a5e9
parent affe371084
3 changed files with 24 additions and 8 deletions
--- a/subject/main.c
+++ b/subject/main.c
@ -3,7 +3,9 @@
 #include "task_struct.h"
 int second_pid();
-int third_pid();
+const char* second_comm();
 int subsecond_pid();
 const char* subsecond_comm();
 struct task_struct global = { .pid = 42, .comm = "main_global" };
@ -49,6 +51,10 @@ int main(void)
    size_t myOffset = ((size_t)&((struct task_struct*)0)->tasks);
    printf("DIY offsetof(task_struct, tasks) yiels %2llu\n", myOffset);
-    return second_pid() * third_pid();
+    printf("Global: pid=%d comm=\"%s\"\n", global.pid, global.comm);
    printf("Second global: pid=%d comm=\"%s\"\n", second_pid(), second_comm());
    printf("Subsecond global: pid=%d comm=\"%s\"\n", subsecond_pid(), subsecond_comm());
    return 0;
 }
--- a/subject/second.c
+++ b/subject/second.c
@ -1,7 +1,12 @@
 #include "task_struct.h"
-static struct task_struct global = { .pid = 43, .comm = "third_global" };
+static struct task_struct global = { .pid = 43, .comm = "second_global" };
-int third_pid() {
+int second_pid() {
    return global.pid;
 }
 const char* second_comm() {
    return global.comm;
 }
--- a/subject/sub/second.c
+++ b/subject/sub/second.c
@ -1,7 +1,12 @@
 #include "task_struct.h"
-static struct task_struct global = { .pid = 0, .comm = "second_global" };
+static struct task_struct global = { .pid = 0, .comm = "subsecond_global" };
-int second_pid() {
+int subsecond_pid() {
    return global.pid;
 }
 const char* subsecond_comm() {
    return global.comm;
 }