This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: Buffer Overflow Attacks


On Sun, 14 Oct 2001, Florian Weimer wrote:

> According to the language standard, buffer overflow detection for
> character pointer types is possible only for buffers which are not
> nested in other objects (in struct or union objects).  Overflowing
> character buffers has a well-defined effect if the buffer is contained
> in an object (and other objects follow the buffer inside this object),
> so a C implementation is not free to detect such errors (which is only
> possible if the buffer overflow triggers undefined behavior). ;-)

This is a gross over-simplification of the problem of exactly when an
object can be accessed through a given pointer.  For details see Nick
Maclaren's "What is an object when it is at home?" paper, except that I
don't think he's published it beyond the UK and WG14 reflectors.  For
examples where the committee has ruled that bounds of sub-objects can't be
exceeded, see DR#017 question 16, and DRs #051 and #178 relating to the
"struct hack".

-- 
Joseph S. Myers
jsm28@cam.ac.uk


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]