Sign in to follow this  

buffer overflows

This topic is 4520 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

I'm writing an interpreter for some language I'm developing. Here and there, it's possible to let it process something where, if you give incorrect parameters, it may start reading outside the end of an array. Can something like that be abused to make programs that abuse buffer overflows of the interpreter?

Share this post


Link to post
Share on other sites
Quote:
Original post by Lode
Can something like that be abused to make programs that abuse buffer overflows of the interpreter?


Well, if it's only read, people can't overflow the buffer. They might be able to read memory they shouldn't be allowed to, which might lead to abuse... or read garbage which might lead to other exploits/crashes. If the array can also be written to beyond its bounds, then much more danger exists.

Generally speaking that is. The code and detailed situation would help.

Share this post


Link to post
Share on other sites
If you are going to write code that you intend to release to the public then it has to be completely fillproof, in every way.

I would protect, protect and protect...

[smile]

ace

Share this post


Link to post
Share on other sites
Yes, it can be abused. That's how buffer overflows work. You can prevent it by disallowing access beyond the bounds of an array (that will also help the programmer to avoid lots of nasty bugs), or you can leave it up to the programmer to write code that guards against buffer overflow.

Share this post


Link to post
Share on other sites
Quote:
Original post by Lode
I'm writing an interpreter for some language I'm developing. Here and there, it's possible to let it process something where, if you give incorrect parameters, it may start reading outside the end of an array.

Can something like that be abused to make programs that abuse buffer overflows of the interpreter?


Yes. AFAIK, buffer overflows are one of the #1 most common security holes. At best they'll only be able to corrupt your data and crash your program. At worst they'll be able to inject code and gain complete access to your computer.

Share this post


Link to post
Share on other sites
Sign in to follow this