Bugtraq mailing list archives
"Buffer overflow" term considered overloaded
From: "Steven M. Christey" <coley () mitre org>
Date: Fri, 22 Sep 2006 21:18:48 -0400 (EDT)
In "Re: IE ActiveX 0day?" to Bugtraq on September 18, Alexander Sotirov asked:
> What is your definition of memory corruption? How can a buffer overflow not be a memory corruption error?

The term "buffer overflow" continues to be too general for the variety of issues out there. Array index/offset errors, buffer "underflows," out-of-bounds reads, frees of invalid pointers, length field inconsistencies, off-by-ones, insufficient memory allocation that is resultant from integer overflows, other kinds of incorrect size calculations, and other problems all involve memory access outside of expected boundaries, so they are called "buffer overflows." But they are different than the "classic" overflows that strcpy() is known for. And the term is interchangeably used for attacks, results/impacts, and programming bugs.

Terminology has not evolved to cope with all the variety, so "memory corruption" is acting as a placeholder in some cases. I have some preliminary thoughts on how to do more precise classification, but they're not ready for prime time, so people can contact me privately if they're interested.

- Steve
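As an added illustration (not code from the post or its author), the following C program shows why the defect classes listed above are distinct even though each ends in an out-of-bounds memory access: a parser for a hypothetical length-prefixed record format, where the check that rules out each class sits at a different place in the code. The record layout, the function names and the constructed sample inputs are assumptions made here for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record layout (assumption for this example):
 * a 2-byte big-endian payload length, followed by the payload. */
#define HEADER_LEN 2

typedef struct {
    const uint8_t *payload;
    size_t payload_len;
} record_t;

/* Length-field inconsistency and buffer "underflow": the declared length is
 * trusted only after it is checked against what was actually received, and
 * received_len - HEADER_LEN is computed only once it cannot wrap below zero. */
bool parse_record(const uint8_t *buf, size_t received_len, record_t *out) {
    if (buf == NULL || out == NULL) return false;
    if (received_len < HEADER_LEN) return false;
    size_t declared = ((size_t)buf[0] << 8) | buf[1];
    if (declared > received_len - HEADER_LEN) return false;
    out->payload = buf + HEADER_LEN;
    out->payload_len = declared;
    return true;
}

/* Array index error / out-of-bounds read: a valid offset is strictly less
 * than payload_len; writing "<=" here is the off-by-one variant.
 * Returns the byte, or -1 when the offset lies outside the payload. */
int record_byte_at(const record_t *r, size_t off) {
    if (off >= r->payload_len) return -1;
    return r->payload[off];
}

/* Classic strcpy()-style overflow: copying the payload into a fixed buffer
 * needs room for payload_len bytes plus the terminator, so payload_len must
 * be strictly less than dst_size (another off-by-one site). */
bool copy_payload_cstr(const record_t *r, char *dst, size_t dst_size) {
    if (dst_size == 0 || r->payload_len >= dst_size) return false;
    memcpy(dst, r->payload, r->payload_len);
    dst[r->payload_len] = '\0';
    return true;
}

/* Insufficient allocation from integer overflow: count * elem_size can wrap
 * to a small value, so the multiplication is checked before it is used. */
bool checked_alloc_size(size_t count, size_t elem_size, size_t *out) {
    if (elem_size != 0 && count > SIZE_MAX / elem_size) return false;
    *out = count * elem_size;
    return true;
}

/* Runs every check against constructed inputs; returns 0 when each defect
 * class is caught and the well-formed record is accepted. */
int run_demo(void) {
    static const uint8_t good[] = {0x00, 0x04, 'a', 'b', 'c', 'd'};  /* constructed */
    static const uint8_t lying[] = {0x00, 0x10, 'a', 'b'};  /* claims 16 bytes, carries 2 */
    static const uint8_t runt[] = {0x00};                   /* shorter than the header */
    record_t r;
    char small[4], enough[5];
    size_t n;

    if (!parse_record(good, sizeof good, &r)) return 1;
    if (parse_record(lying, sizeof lying, &r)) return 2;
    if (parse_record(runt, sizeof runt, &r)) return 3;
    if (record_byte_at(&r, 3) != 'd') return 4;
    if (record_byte_at(&r, 4) != -1) return 5;
    if (copy_payload_cstr(&r, small, sizeof small)) return 6;
    if (!copy_payload_cstr(&r, enough, sizeof enough) || strcmp(enough, "abcd") != 0) return 7;
    if (checked_alloc_size(SIZE_MAX, 2, &n)) return 8;
    if (!checked_alloc_size(10, 4, &n) || n != 40) return 9;
    return 0;
}

int main(void) {
    printf("run_demo() = %d\n", run_demo());
    return run_demo();
}
```

Each function guards a different bug class from the post's list: a lying length field, a header-length subtraction that would wrap, an offset one past the end, a copy that forgets the terminator, and a size multiplication that overflows. All of them would be reported as "buffer overflow" after the fact, but none is fixed by the same check.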
Current thread:
- "Buffer overflow" term considered overloaded Steven M. Christey (Sep 23)
- Re: "Buffer overflow" term considered overloaded Dave "No, not that one" Korn (Sep 25)