24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them

SIN 5BUFFER OVERRUNS

OVERVIEW OF THE SIN

Buffer overruns have long been recognized as a problem in low-level languages. The core problem is that user data and program flow control information are intermingled for the sake of performance, and low-level languages allow direct access to application memory. C and C++ are the two most popular languages afflicted with buffer overruns.

Strictly speaking, a buffer overrun occurs when a program allows input to write beyond the end of the allocated buffer, but there are several associated problems that often have the same effect. One of the most interesting is format string bugs, which we cover in Sin 6. Another incarnation of the problem occurs when an attacker is allowed to write at an arbitrary memory ...

Get 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them by Michael Howard, David LeBlanc, John Viega

SIN 5BUFFER OVERRUNS

OVERVIEW OF THE SIN

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly