Secure Coding mailing list archives
Re: opinion, ACM Queue: Buffer Overrun Madness
From: Blue Boar <BlueBoar () thievco com>
Date: Thu, 10 Jun 2004 14:13:57 +0100
ljknews wrote:

>> Okay, that's a bold statement. I'd better back it up. If you have a string-handling library of any kind, someone's going to come up with a program design that builds a twenty character string for a person's name, putting first name in the first ten characters, and last name in the last ten characters. Eric Smith changes his first name to Navratilova, and he's suddenly listed by the program as "Navratilovamith amith" - buffer overflow. Sure, it doesn't overflow into the stack, but it overflows into important data.
>
> How does the buffer overflow "into important data" using "any language"? With Ada and Pascal a 20 character array just has no syntax for storing a character into the 21st position.
>
> While it is true you will get a (possibly unanticipated) runtime exception rather than pleasing results, there is no opportunity for pleasing results in this situation. The clever programmer may add an exception handler to display a user friendly message like "get a name change" rather than the default "index out of bounds" or whatever. But neither the clever nor the lazy programmer gets an overflow "into important data". The boundary condition is detected and prevented from causing totally obscure failures.

I think you failed to parse the example provided. He gave an example where he has imposed an arbitrary structure on the built-in string, and violated it. I think he blew the example, as I'm reading it. I *think* he meant:

"Eric Smith " becomes "Navratilovamith "

Thereby blowing his "buffer", and maybe screwing the rest of the program logic. He didn't overflow at the string class level, he did so at the logic level. Or his derived string class, or however you like to think of it.

BB
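The logic-level overflow discussed in this message, as an added example that is not part of the original post: a 20-byte record in a bounds-checked language, where an 11-character first name stays inside the array (so no exception is raised) but spills into the last-name field. The function names and the space-padded record layout are assumptions made for illustration.

```python
FIRST_LEN = 10                      # bytes 0-9: first name
LAST_LEN = 10                       # bytes 10-19: last name
RECORD_LEN = FIRST_LEN + LAST_LEN


def _set_field(rec: bytearray, offset: int, width: int, value: str) -> None:
    """Write value into its own field only, rejecting anything too long."""
    data = value.encode("ascii")
    if len(data) > width:
        raise ValueError(f"{value!r} does not fit in a {width}-byte field")
    rec[offset:offset + width] = data.ljust(width)   # space-pad to field width


def set_first_checked(rec: bytearray, first: str) -> None:
    _set_field(rec, 0, FIRST_LEN, first)


def set_last_checked(rec: bytearray, last: str) -> None:
    _set_field(rec, FIRST_LEN, LAST_LEN, last)


def set_first_unchecked(rec: bytearray, first: str) -> None:
    """Flawed: relies on the array's bounds check, not the field's width."""
    data = first.encode("ascii")
    rec[0:len(data)] = data   # 11 bytes fit in a 20-byte array: no exception


def new_record(first: str, last: str) -> bytearray:
    rec = bytearray(b" " * RECORD_LEN)
    set_first_checked(rec, first)
    set_last_checked(rec, last)
    return rec


def first_name(rec: bytearray) -> str:
    return rec[:FIRST_LEN].decode("ascii").rstrip()


def last_name(rec: bytearray) -> str:
    return rec[FIRST_LEN:RECORD_LEN].decode("ascii").rstrip()


if __name__ == "__main__":
    rec = new_record("Eric", "Smith")
    set_first_unchecked(rec, "Navratilova")
    print(repr(bytes(rec)), "->", first_name(rec), "/", last_name(rec))
```

The language's bounds check protects the array; only the explicit width check in `_set_field` protects the field.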