Vulnerability Development mailing list archives

Re: reverse engineer c or java


From: pantera () BALANCEPOINTGOLF COM (pantera () BALANCEPOINTGOLF COM)
Date: Sun, 21 May 2000 11:00:27 -0700


Date sent:              Sun, 21 May 2000 19:50:46 +0200
Send reply to:          Bluefish <11a () GMX NET>
From:                   Bluefish <11a () GMX NET>
Subject:                Re: reverse engineer c or java
Originally to:          "za () boo ma fu" <initd_ () DIGITAL NET>

security in any program you write? Write well thought out code.
Learn about common bugs such as bad 'system()' placement or
buffer overruns.

Btw, on the topic of Java! Has any research been published on
buffer overruns in Java? I assume the class String is more or less
secure, but are there security concerns related to usage of e.g. arrays?

Java automatically performs bound checking on arrays.  For
example, if you try and add more elements to an array than you
should:

int arr[] = new int[5];
int arr_length = arr.length + 50;

for (int i = 0; i < arr_length; i++)
{
        arr[i] = i;
}

Java throws an ArrayIndexOutOfBoundsException:

java.lang.ArrayIndexOutOfBoundsException
        at ArrayTest.<init>(ArrayTest.java:10)
        at ArrayTest.main(ArrayTest.java:16)
Exception in thread "main" Process Exit...

Automatic bounds checking eliminates buffer
overflows in the traditional sense. Anyone have
any further comments/research on this topic?

- xp
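
Added example, not part of the original post: the bounds check described above stops the out-of-range store, but an element-by-element loop has already written the in-range elements when the exception fires, whereas System.arraycopy checks the whole range first and leaves the destination unmodified. The class name BoundsCheckDemo, its method names and the sample input are hypothetical and constructed for illustration.

```java
import java.util.Arrays;

// Added illustration; class and method names are hypothetical.
public class BoundsCheckDemo {

    // Element-by-element copy, like the loop in the post: every store is
    // bounds-checked, so the first out-of-range store throws, but the
    // in-range stores before it have already been performed.
    static boolean loopCopy(int[] src, int[] dst) {
        try {
            for (int i = 0; i < src.length; i++) {
                dst[i] = src[i];
            }
            return true;
        } catch (ArrayIndexOutOfBoundsException e) {
            return false; // dst is partially overwritten at this point
        }
    }

    // System.arraycopy validates the requested range before copying; when the
    // range does not fit it throws IndexOutOfBoundsException and the
    // destination is not modified.
    static boolean bulkCopy(int[] src, int[] dst) {
        try {
            System.arraycopy(src, 0, dst, 0, src.length);
            return true;
        } catch (IndexOutOfBoundsException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        int[] input = new int[55];      // constructed oversized input
        Arrays.fill(input, 7);

        int[] a = new int[5];
        int[] other = {1, 2, 3};        // separate array; no index on a can reach it
        System.out.println("loop copy ok=" + loopCopy(input, a)
                + " dst=" + Arrays.toString(a)
                + " other=" + Arrays.toString(other));

        int[] b = new int[5];
        System.out.println("bulk copy ok=" + bulkCopy(input, b)
                + " dst=" + Arrays.toString(b));
    }
}
```

If the exception is not caught, as in the trace quoted in the post, the thread terminates, so oversized input still needs a length check where it enters the program.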

