thestinger/cfi.c

## cfi.c
#include <stdarg.h>
#include <stdio.h>

void foo(unsigned n, ...) {
    va_list args;
    va_start(args, n);
    for (unsigned i = 0; i < n; i++) {
        printf("%d\n", va_arg(args, int));
    }
    va_end(args);
}

int main(void) {
    void (*bar)(unsigned, int, int) = (void *)foo;
    bar(2, 5, 10);
    return 0;
}

## cfi_output.txt
% clang foo.c -o foo -fsanitize=cfi-icall -fno-sanitize-trap=cfi-icall -fsanitize-recover=cfi-icall -flto
% ./foo
foo.c:15:5: runtime error: control flow integrity check for type 'void (unsigned int, int, int)' failed during indirect function call
(/home/strcat/foo+0x2a690): note: foo defined here
5
10
	#include <stdarg.h>
	#include <stdio.h>

	void foo(unsigned n, ...) {
	va_list args;
	va_start(args, n);
	for (unsigned i = 0; i < n; i++) {
	printf("%d\n", va_arg(args, int));
	}
	va_end(args);
	}

	int main(void) {
	void (bar)(unsigned, int, int) = (void )foo;
	bar(2, 5, 10);
	return 0;
	}
	% clang foo.c -o foo -fsanitize=cfi-icall -fno-sanitize-trap=cfi-icall -fsanitize-recover=cfi-icall -flto
	% ./foo
	foo.c:15:5: runtime error: control flow integrity check for type 'void (unsigned int, int, int)' failed during indirect function call
	(/home/strcat/foo+0x2a690): note: foo defined here
	5
	10