Expanded subject to expose nested datapin flaw

2026-04-03 23:52:21 +02:00 · 2026-04-03 23:52:21 +02:00 · 1c11b8a5e9
commit 1c11b8a5e9
parent affe371084
3 changed files with 24 additions and 8 deletions
--- a/subject/main.c
+++ b/subject/main.c
@ -3,7 +3,9 @@
 #include "task_struct.h"

 int second_pid();
-int third_pid();
+const char* second_comm();
+int subsecond_pid();
+const char* subsecond_comm();

 struct task_struct global = { .pid = 42, .comm = "main_global" };

@ -49,6 +51,10 @@ int main(void)
    size_t myOffset = ((size_t)&((struct task_struct*)0)->tasks);
    printf("DIY offsetof(task_struct, tasks) yiels %2llu\n", myOffset);

-    return second_pid() * third_pid();
+    printf("Global: pid=%d comm=\"%s\"\n", global.pid, global.comm);
+    printf("Second global: pid=%d comm=\"%s\"\n", second_pid(), second_comm());
+    printf("Subsecond global: pid=%d comm=\"%s\"\n", subsecond_pid(), subsecond_comm());
+
+    return 0;
 }

--- a/subject/second.c
+++ b/subject/second.c
@ -1,7 +1,12 @@
 #include "task_struct.h"

-static struct task_struct global = { .pid = 43, .comm = "third_global" };
+static struct task_struct global = { .pid = 43, .comm = "second_global" };

-int third_pid() {
-	return global.pid;
+int second_pid() {
+    return global.pid;
 }
+
+const char* second_comm() {
+    return global.comm;
+}
+
--- a/subject/sub/second.c
+++ b/subject/sub/second.c
@ -1,7 +1,12 @@
 #include "task_struct.h"

-static struct task_struct global = { .pid = 0, .comm = "second_global" };
+static struct task_struct global = { .pid = 0, .comm = "subsecond_global" };

-int second_pid() {
-	return global.pid;
+int subsecond_pid() {
+    return global.pid;
 }
+
+const char* subsecond_comm() {
+    return global.comm;
+}
+