buffer overflows
I'm writing an interpreter for some language I'm developing. Here and there, it's possible to let it process something where, if you give incorrect parameters, it may start reading outside the end of an array.
Can something like that be abused to make programs that abuse buffer overflows of the interpreter?
Quote:Original post by Lode
Can something like that be abused to make programs that abuse buffer overflows of the interpreter?
Well, if it's only read, people can't overflow the buffer. They might be able to read memory they shouldn't be allowed to, which might lead to abuse... or read garbage which might lead to other exploits/crashes. If the array can also be written to beyond its bounds, then much more danger exists.
Generally speaking, that is. The code and detailed situation would help.
If you are going to write code that you intend to release to the public, then it has to be completely foolproof, in every way.
I would protect, protect and protect...
[smile]
ace
Yes, it can be abused. That's how buffer overflows work. You can prevent it by disallowing access beyond the bounds of an array (that will also help the programmer to avoid lots of nasty bugs), or you can leave it up to the programmer to write code that guards against buffer overflow.
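An added example, not part of the thread or any poster's code: one way an interpreter written in C can refuse out-of-range array access from a script, for reads as well as writes. The `vm_array` type, the `vm_*` function names and the sample data are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical interpreter array object; all names here are illustrative. */
typedef struct { int32_t *data; size_t len; } vm_array;
typedef enum { VM_OK = 0, VM_ERR_BOUNDS = 1 } vm_status;

/* The index comes from the interpreted program, so treat it as untrusted.
   It is signed in this sketch, so negative values are rejected too. */
static int index_ok(const vm_array *a, int64_t idx) {
    return idx >= 0 && (uint64_t)idx < (uint64_t)a->len;
}

/* Checked read: an out-of-range index is a script error, not a memory read. */
vm_status vm_array_load(const vm_array *a, int64_t idx, int32_t *out) {
    if (!index_ok(a, idx)) return VM_ERR_BOUNDS;
    *out = a->data[idx];
    return VM_OK;
}

/* Checked write: same test, so a script cannot write past the array. */
vm_status vm_array_store(vm_array *a, int64_t idx, int32_t value) {
    if (!index_ok(a, idx)) return VM_ERR_BOUNDS;
    a->data[idx] = value;
    return VM_OK;
}

/* Range copy for a slice-style builtin. Comparing count against len - start
   avoids computing start + count, which could wrap around. */
vm_status vm_array_copy_out(const vm_array *a, int64_t start, int64_t count,
                            int32_t *dst, size_t dst_len) {
    if (start < 0 || count < 0) return VM_ERR_BOUNDS;
    if ((uint64_t)start > a->len) return VM_ERR_BOUNDS;
    if ((uint64_t)count > a->len - (uint64_t)start) return VM_ERR_BOUNDS;
    if ((uint64_t)count > dst_len) return VM_ERR_BOUNDS;
    memcpy(dst, a->data + start, (size_t)count * sizeof *dst);
    return VM_OK;
}

int main(void) {
    int32_t backing[4] = {10, 20, 30, 40};   /* constructed sample data */
    vm_array a = { backing, 4 };
    int32_t out = 0;
    printf("load[3]   -> status %d\n", vm_array_load(&a, 3, &out));
    printf("load[4]   -> status %d\n", vm_array_load(&a, 4, &out));
    printf("store[-1] -> status %d\n", vm_array_store(&a, -1, 99));
    return 0;
}
```

The interpreter would turn `VM_ERR_BOUNDS` into a runtime error in the interpreted language, so a bad parameter stops the script instead of touching the interpreter's own memory.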
Quote:Original post by Lode
I'm writing an interpreter for some language I'm developing. Here and there, it's possible to let it process something where, if you give incorrect parameters, it may start reading outside the end of an array.
Can something like that be abused to make programs that abuse buffer overflows of the interpreter?
Yes. AFAIK, buffer overflows are one of the #1 most common security holes. At best they'll only be able to corrupt your data and crash your program. At worst they'll be able to inject code and gain complete access to your computer.
This topic is closed to new replies.