Questions tagged [buffer-overflow]

A buffer overflow usually occurs when you copy data into a buffer without checking that it has sufficient space, so that the excess data overwrites neighboring memory cells.

RAM is divided into memory cells, each capable of storing a single byte on its own. Applications allocate storage of varying sizes for the same data type to fulfill their computational needs: a single variable, multiple elements (arrays), or dynamically allocated memory (pointers). Problems usually arise when software developers use arrays or pointers without verifying that the destination buffer has adequate space for the data being written.

#include <string.h>

char Target[10];
char Input[20];
strcpy(Target, Input); // 1st parameter: destination, 2nd parameter: source; no check that Input fits in Target

The code listed above exhibits buffer-overflow corruption under certain conditions: whenever Input holds a string longer than Target can store. If the coder does not take the necessary precautions to validate the length of the input against the size of the target, the data is written into the adjacent memory cells, corrupting whatever contents are stored within them.

Such results can be devastating as they affect overall system integrity.

1483 questions
17 votes, 1 answer

GCC generate Canary or not?

My gcc version is 4.8.2 and my operating system is Ubuntu 14.04 (64 bit). I found that sometimes gcc automatically generates the canary to do buffer overflow protection and sometimes not, why? Case to generate canary: when SIZE is a multiple of…
zongyuwu
16 votes, 1 answer

What happens in TCP when the internal buffer fills up

Let's say we have the following TCP socket setup where the client sends arbitrary data to the server. Treat the following as pseudocode. def client(): while True: data = source.get_data() …
TukeV
16 votes, 3 answers

Is Go vulnerable for buffer overflow

I know languages like C# aren't vulnerable to buffer overflows unless you marshal or use unsafe code. But is Go vulnerable to buffer overflows?
Pepernoot
16 votes, 3 answers

Should the memory vulnerability of the line of code "printf("%s", argv[1]);" be described as a stack overflow?

Today, I took a short "C++ skills test" from Elance.com. One question was the following: What is the security vulnerability of the following line of code: printf("%s", argv[1]); Option 1: Format String Option 2: Stack Overflow <-- This was marked…
Dan Nissenbaum
14 votes, 4 answers

How could this buffer be overrun?

I apologize in advance for the useless title of this question, but nothing seemed to fit better. The idea here is to replicate argv in another variable, essentially making a copy of it. So the basic idea of what the function does is, use malloc() to…
14 votes, 1 answer

Valgrind won't detect buffer overflow

#include main() { char buf[8]; sprintf(buf,"AAAA%3s","XXssssssssXXXsssssXXX"); printf("%s\n",buf); } I expected valgrind to detect a buffer overflow with the above code. But it does not report any errors or warnings. Do I…
webminal.org
13 votes, 3 answers

Causing PHP to crash

How can PHP cause memory leaks, buffer overflows, stack overflows and any other errors of such kind? Can PHP even cause such errors?
yretuta
13 votes, 2 answers

Malloc segmentation fault

Here is the piece of code in which segmentation fault occurs (the perror is not being called): job = malloc(sizeof(task_t)); if(job == NULL) perror("malloc"); To be more precise, gdb says that the segfault happens inside a __int_malloc call,…
13 votes, 4 answers

How to prevent memcpy buffer overflow?

There are some binary buffers with fixed sizes in a program that are used to store data, and memcpy is used to copy the buffer from one to another one. Since the source buffer may be larger than the destination buffer, how can I detect if there is…
Michael D
12 votes, 2 answers

No function contains program counter for selected frame

I am trying to do a buffer overflow attack for a given vulnerable code. But it seems it is going wrong because, although my exploit strings do not corrupt the stack, I cannot get my assembly code (embedded in the exploit string) to work at all. Here…
bfaskiplar
12 votes, 6 answers

How can I use strncat without buffer overflow concerns?

I have a buffer, I am doing lot of strncat. I want to make sure I never overflow the buffer size. char buff[64]; strcpy(buff, "String 1"); strncat(buff, "String 2", sizeof(buff)); strncat(buff, "String 3", sizeof(buff)); Instead of sizeof(buff),…
jscode
12 votes, 4 answers

How to skip a line doing a buffer overflow in C

I want to skip a line in C, the line x=1; in the main section, using a buffer overflow; however, I don't know why I cannot skip from the address 4002f4 to the next address 4002fb in spite of the fact that I am counting 7 bytes from…
Percy
12 votes, 2 answers

Android App Crash. Error reading input stream

Android application crashing often, Following are the logs from logcat. com.google.android.apps.gsa.shared.speech.a.g: Error reading from input stream at…
Shashank Baghel
12 votes, 2 answers

WPD API Detect if Device is a Phone?

EDIT: Full source code was requested. Below is a barebones implementation in order to replicate the bug. Content enumeration is removed; however, the crash occurs on the first object call anyway. In this case, the WPD_DEVICE_OBJECT_ID object. LINK TO…
mrg95
12 votes, 1 answer

Exploit a buffer overflow

For my studies I try to create a payload so that it overflows the buffer and calls a "secret" function called "target" This is the code I use for testing on an i686 #include "stdio.h" #include "string.h" void target() { printf("target\n"); } void…
Chris