This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: Buffer Overflow Attacks


"Joseph S. Myers" <jsm28@cam.ac.uk> writes:

> On Sun, 14 Oct 2001, Florian Weimer wrote:
>
>> According to the language standard, buffer overflow detection for
>> character pointer types is possible only for buffers which are not
>> nested in other objects (in struct or union objects).  Overflowing
>> character buffers has a well-defined effect if the buffer is contained
>> in an object (and other objects follow the buffer inside this object),
>> so a C implementation is not free to detect such errors (which is only
>> possible if the buffer overflow triggers undefined behavior). ;-)
>
> This is a gross over-simplification of the problem of exactly when an
> object can be accessed through a given pointer.  For details see Nick
> Maclaren's "What is an object when it is at home?" paper, except that I
> don't think he's published it beyond the UK and WG14 reflectors.  For
> examples where the committee has ruled that bounds of sub-objects can't be
> exceeded, see DR#017 question 16, and DRs #051 and #178 relating to the
> "struct hack".

The struct hack for character arrays results in strictly conforming
programs because arithmetic on pointers to a character type is not
restricted in any way, as long the enclosing object is not left.  This
is a consequence of 6.3.2.3(7).

However, this only applies to pointers to a character type, and not to
other pointer types.  Of course, it's clearly not desirable that types
which are used to implement the frequently used string idiom have this
property, but that's the way the language is defined.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]