RE: Stack Overflow

[lists <lists () innocence-lost net>]

I am hardly a java expert myself, however in _theory_ a buffer overflow is
possible in any language (assuming the underlying chip's instruction set
doesnt do bounds checking), however AFAIK it would require a bug of sorts
in the jvm to bypass its checks so that you could write more data than
was allocated.

So in short, possible yes, probable no.


--

There are only two choices in life. You either conform the truth to your desire,
or you conform your desire to the truth. Which choice are you making?
On Mon, 10 Jan 2005, Beilin Zhang wrote:

> Date: Mon, 10 Jan 2005 13:23:54 -0800
> From: Beilin Zhang <bzhang () sangamo com>
> To: security-basics () securityfocus com
> Subject: RE: Stack Overflow
>
> Hi,
>
> I have done some Java programming but not an expert.  I'd be interested in
> knowing how this can be accomplished, since you cannot manipulate pointers
> in Java and arrays are bound-checked.  Do you have any examples?
>
> Best Regards
>
> Beilin Zhang
>
> -----Original Message-----
> From: P. Schmiel [mailto:secfoc () cybernox net]
> Sent: Monday, January 10, 2005 12:29 PM
> To: security-basics () securityfocus com
> Subject: Re: Stack Overflow
>
>
> Hello list,
>
> well, sure they can. it's the coders job to make a good code. and the
> OSs job to manage the memory correct.
>
> Original message Monday, January 10, 2005, 2:11:03 PM:
>
> NS> Hi list,
>
> NS>   My question is: can programs made with newer languages (Java and
> NS> .NET) have buffer overflow exploits?
>
> NS> Tnx,
> NS> Nelson Santos
>
>
> ---
> Best regards,
> Pascal Schmiel
> schmiel () cybernox net