Secure Coding mailing list archives

Buffer Overrun


From: "Mark Rockman" <mrockman () acm org>
Date: Mon, 02 Aug 2004 16:09:08 +0100

If I allocate a buffer of n bytes, open the channel and receive n+m bytes
where m>0, then where does the fault lie?  Some possibilities:  1) My choice
for n is too small, 2) the software with which I open the channel does not
permit me to specify that my buffer is only n bytes in length and it returns
more than n bytes, 3) the software with which I open the channel permits me
to specify that my buffer is only n bytes in length but I incorrectly inform
it that the buffer length is some number >= n+m bytes.

Modern techniques allow me to create an array object that cannot overflow
without causing an exception.  That is exactly the behavior a buffer should
have.  Lazy or forgetful programmers cannot write code that is able to
corrupt outside the limit of the buffer.  Malware writers are unable to
transfer control to malicious code by corrupting the stack.
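Added example, not part of the original post: a C sketch of a buffer that carries its own capacity, so that receiving n+m bytes into n bytes is reported as an error instead of writing past the end. The `bbuf` type, its functions and the sample bytes are hypothetical and constructed for illustration; `bbuf_receive` stands in for the channel read.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical checked buffer: the capacity n travels with the storage,
   so a caller cannot misreport it (possibility 3 in the post). */
typedef struct {
    size_t cap;            /* n: bytes allocated */
    size_t len;            /* bytes stored so far */
    unsigned char *data;
} bbuf;

enum { BBUF_OK = 0, BBUF_OVERFLOW = -1, BBUF_NOMEM = -2 };

int bbuf_init(bbuf *b, size_t n) {
    b->data = malloc(n ? n : 1);
    if (b->data == NULL) return BBUF_NOMEM;
    b->cap = n;
    b->len = 0;
    return BBUF_OK;
}

void bbuf_free(bbuf *b) {
    free(b->data);
    b->data = NULL;
    b->cap = b->len = 0;
}

/* Stand-in for the channel read; src/src_len model what the peer sent.
   A write that would pass the end is refused whole: the C analogue of
   the exception a checked array raises. len <= cap, so no wraparound. */
int bbuf_receive(bbuf *b, const unsigned char *src, size_t src_len) {
    if (src_len > b->cap - b->len) return BBUF_OVERFLOW;
    memcpy(b->data + b->len, src, src_len);
    b->len += src_len;
    return BBUF_OK;
}

int main(void) {
    const unsigned char msg[12] = "ABCDEFGHIJK"; /* constructed: n+m = 12 */
    bbuf b;
    if (bbuf_init(&b, 8) != BBUF_OK) return 1;   /* n = 8 */
    printf("12 bytes into 8: %d\n", bbuf_receive(&b, msg, sizeof msg));
    printf("8 bytes into 8:  %d\n", bbuf_receive(&b, msg, 8));
    bbuf_free(&b);
    return 0;
}
```

The oversized receive leaves the buffer untouched, so the caller can decide whether n was simply too small (possibility 1) and retry with a larger allocation.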






