Security Basics mailing list archives
RE: Stack Overflow
From: lists <lists () innocence-lost net>
Date: Mon, 10 Jan 2005 14:50:18 -0700 (MST)
I am hardly a java expert myself, however in _theory_ a buffer overflow is possible in any language (assuming the underlying chip's instruction set doesnt do bounds checking), however AFAIK it would require a bug of sorts in the jvm to bypass its checks so that you could write more data than was allocated. So in short, possible yes, probable no. -- There are only two choices in life. You either conform the truth to your desire, or you conform your desire to the truth. Which choice are you making? On Mon, 10 Jan 2005, Beilin Zhang wrote:
Date: Mon, 10 Jan 2005 13:23:54 -0800 From: Beilin Zhang <bzhang () sangamo com> To: security-basics () securityfocus com Subject: RE: Stack Overflow Hi, I have done some Java programming but not an expert. I'd be interested in knowing how this can be accomplished, since you cannot manipulate pointers in Java and arrays are bound-checked. Do you have any examples? Best Regards Beilin Zhang -----Original Message----- From: P. Schmiel [mailto:secfoc () cybernox net] Sent: Monday, January 10, 2005 12:29 PM To: security-basics () securityfocus com Subject: Re: Stack Overflow Hello list, well, sure they can. it's the coders job to make a good code. and the OSs job to manage the memory correct. Original message Monday, January 10, 2005, 2:11:03 PM: NS> Hi list, NS> My question is: can programs made with newer languages (Java and NS> .NET) have buffer overflow exploits? NS> Tnx, NS> Nelson Santos --- Best regards, Pascal Schmiel schmiel () cybernox net
Current thread:
- Stack Overflow Nelson Santos (Jan 10)
- Re: Stack Overflow P. Schmiel (Jan 10)
- RE: Stack Overflow Rocky Heckman (Jan 10)
- <Possible follow-ups>
- RE: Stack Overflow Beilin Zhang (Jan 10)
- RE: Stack Overflow lists (Jan 10)
- Re[2]: Stack Overflow P. Schmiel (Jan 10)
- RE: Re[2]: Stack Overflow Rocky Heckman (Jan 11)
- RE: Re[2]: Stack Overflow jnf (Jan 11)
- RE: Re[2]: Stack Overflow Rocky Heckman (Jan 12)