TL;DR: I discovered a stack-smashing vulnerability in GZDoom’s interpreter for ACS. As a preface, there’s a tendency for whitepapers like this in the security community to be written with a somewhat condescending tone towards the product’s vendor. I do not mean for any portion of this writeup to come off as degrading to the developers involved. Yes, the bug was obvious to me, but …
“funsignals” was a 250 point binary exploitation challenge with 58 solves. The challenge itself was a very trivial example of sigreturn-oriented programming.
Sigreturn-oriented programming is a means of getting values into certain registers without having to use ROP gadgets that pop values from the stack. It’s a technique that relies on how UNIX-like operating systems implement …