Can we PLEASE stop saying shit like "doing whatever is UB and makes the compiler free to replace your code with `rm -rf`"
until somebody puts system() calls in the LLVM replacement engine, this is just lazy trite garbage
It's not. The UB creates the possibility of runaway wrong execution, and the data the attacker arranged to be in the right place when that happens leads to pc reaching system with a pointer to "rm -rf" in arg register.
There are also many forms of undefined behavior that can lead to this in practice, definitely not just direct forms of memory corruption. Violating guarantees about the possible values of a variable, etc. can lead to very serious problems *even without optimization enabled*.
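An added illustration of the point in the last reply, not code from anyone in the thread: a constructed C dispatcher whose opcode is assumed to always be in range but actually arrives as an untrusted byte, shown unchecked and then with the range guarantee re-established at the boundary. The enum, handlers and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed example: the rest of the program assumes an `enum op`
 * value is always one of the named operations. */
enum op { OP_PING = 0, OP_STATUS = 1, OP_COUNT };

static int do_ping(int arg)   { return arg; }
static int do_status(int arg) { return arg + 100; }

typedef int (*handler_fn)(int);
static const handler_fn handlers[OP_COUNT] = { do_ping, do_status };

/* Unchecked: trusts that the wire byte is a valid `enum op`.
 * For wire_op >= OP_COUNT the table index is out of bounds, which is
 * undefined behavior. No optimizer is needed for this to go wrong: a
 * typical unoptimized build simply loads whatever word follows the
 * table and calls it as a function. */
int dispatch_unchecked(uint8_t wire_op, int arg)
{
    enum op op = (enum op)wire_op;   /* the range guarantee is broken here */
    return handlers[op](arg);
}

/* Checked: validate the value at the trust boundary, before anything
 * that relies on the guarantee runs. Returns 0 and stores the handler
 * result in *out, or returns -1 without calling anything. */
int dispatch_checked(uint8_t wire_op, int arg, int *out)
{
    if (out == NULL || wire_op >= OP_COUNT || handlers[wire_op] == NULL)
        return -1;
    *out = handlers[wire_op](arg);
    return 0;
}
```
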


