Vulnerability Development mailing list archives
FW: partial analysis of vulndev-1.c
From: Michael Wojcik <Michael.Wojcik () microfocus com>
Date: Wed, 14 May 2003 07:44:13 -0700
[Sent this to the OP rather than the list. I'm sure there's a compelling reason for not setting Reply-to to the list, but it's damn annoying all the same.]
From: Michael Wojcik
Sent: Wednesday, May 14, 2003 10:14 AM
To: 'David R. Piegdon'
Subject: RE: partial analysis of vulndev-1.c

> From: David R. Piegdon [mailto:fleshyCPU () gmx net]
> Sent: Tuesday, May 13, 2003 2:35 PM
>
> First thing :) As far as I know, in PLAIN C a function call is not
> allowed during the definition of a variable
>
>     { char *buf1 = malloc(SIZE); }
>
> but in C++, it is allowed.

It's permitted in C as well, since at least the 1989 ANSI C standard, for variables with automatic storage. See e.g. ISO 9899-1990 6.5.7.

> [1]
>     { strncpy(buf2, p2, SIZE); }
> and [2]
>     { for (i = 0; i <= SIZE && p1[i] != '\0'; i++) buf1[i] = p1[i]; }
>
> It is obvious that [1] will always copy SIZE chars.

Not if strlen(p2) is well-defined and < SIZE.

> 2. A buffer overflow, if strlen(p1) >= SIZE. Actually my gcc-compiled
> version does not catch this one with a SIGSEGV, but I don't know why.

Don't count on receiving SIGSEGV just because you overrun a buffer. Typical virtual-memory architecture operates on chunks of memory called "pages"; 4KB is a typical page size. The program won't cause a violation unless it tries to touch a page it doesn't own. In this case, you overran the buffer, but not far enough to get to a page you hadn't allocated.

Michael Wojcik
Principal Software Systems Developer, Micro Focus
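The page-granularity point above, as an added example that is not part of the original thread or of vulndev-1.c: the off-by-one loop [2] is run against a SIZE-byte buffer placed either flush against a PROT_NONE guard page or in the middle of a writable page, with SIGSEGV trapped via sigsetjmp/siglongjmp so the program can report whether the overrun faulted instead of dying. The same loop faults in the first layout and completes silently in the second, which is exactly why the gcc build in the thread ran without a signal. A hardened copy loop (at most SIZE - 1 bytes, always NUL-terminated) is shown beside it and does not fault even next to the guard page. SIZE = 16, the function names and the constructed 'A'-filled source string are assumptions of this example; it needs a POSIX system with mmap/mprotect.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define SIZE 16  /* assumed buffer size; vulndev-1.c's own value is not quoted in the thread */

static sigjmp_buf fault_env;

/* SIGSEGV handler: unwind back into run_trapped() instead of terminating. */
static void on_segv(int sig)
{
    (void)sig;
    siglongjmp(fault_env, 1);
}

typedef void (*copy_fn)(char *dst, const char *src);

/* Loop [2] from the thread. `i <= SIZE` is an off-by-one: a source with
 * SIZE or more non-NUL bytes stores SIZE + 1 bytes into dst. */
static void copy_buggy(char *dst, const char *src)
{
    int i;
    for (i = 0; i <= SIZE && src[i] != '\0'; i++)
        dst[i] = src[i];
}

/* Hardened form: at most SIZE - 1 bytes copied, always NUL-terminated. */
static void copy_fixed(char *dst, const char *src)
{
    size_t i;
    for (i = 0; i < SIZE - 1 && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
}

/* Run fn(dst, src) with SIGSEGV trapped. Returns 1 if it faulted, else 0. */
static int run_trapped(copy_fn fn, char *dst, const char *src)
{
    struct sigaction sa, old;
    volatile int faulted = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old);

    if (sigsetjmp(fault_env, 1) == 0)
        fn(dst, src);
    else
        faulted = 1;

    sigaction(SIGSEGV, &old, NULL);
    return faulted;
}

/* Map two pages and make the second one inaccessible (a guard page).
 * With at_page_end the SIZE-byte buffer ends exactly where the guard page
 * begins, so the first byte past it lies on a page this process does not
 * own; otherwise the buffer sits mid-page and the overrun lands on memory
 * that is still mapped. Returns 1 if fn faulted, 0 if not, -1 on error. */
static int overrun_faults(copy_fn fn, int at_page_end)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    char *base = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    char src[2 * SIZE];          /* constructed over-long source: 31 'A's + NUL */
    char *dst;
    int faulted;

    if (base == MAP_FAILED)
        return -1;
    if (mprotect(base + page, page, PROT_NONE) != 0) {
        munmap(base, 2 * page);
        return -1;
    }
    memset(src, 'A', sizeof src - 1);
    src[sizeof src - 1] = '\0';

    dst = at_page_end ? base + page - SIZE : base + page / 2;
    faulted = run_trapped(fn, dst, src);
    munmap(base, 2 * page);
    return faulted;
}

int main(void)
{
    printf("buggy loop, buffer at page end: faulted=%d\n", overrun_faults(copy_buggy, 1));
    printf("buggy loop, buffer mid-page:    faulted=%d\n", overrun_faults(copy_buggy, 0));
    printf("fixed loop, buffer at page end: faulted=%d\n", overrun_faults(copy_fixed, 1));
    return 0;
}
```

Placing a buffer so that it ends on a page boundary with an unmapped page behind it is the trick debugging allocators (Electric Fence and its descendants) use to turn the silent one-byte overrun into an immediate fault; an ordinary malloc'd buffer will usually be followed by more of the same page, and the write simply corrupts whatever lives there.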