Protecting Our Sample Application

To avoid this type of problem, we should add bounds checking to the program. A simple way to do this is to add a statement that tracks how much data is being written to the buffer and denies the request when it tries to exceed the maximum amount. For example, an easy way to fix this problem is to put the proper value in the for loop. Because the counter starts at 0, the loop should continue only while the counter is less than 256, as follows:

void func(void)
{
     int i;
     char buffer[256];

     /* Valid indexes are 0 through 255, so loop only while i < 256. */
     for (i = 0; i < 256; i++)
          buffer[i] = 'A';
     return;
}

A second way to fix the problem is to put explicit error checking in the program. This assumes that the loop does not work properly and that a separate statement is responsible for checking for errors: ...
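The following is an added example, not code from the book: one way to track how much data has been written to the 256-byte buffer and deny any request that would exceed it. The names bounded_buf, bb_append and fill_checked are hypothetical and chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_MAX 256  /* same size as the buffer in func() above */

/* Hypothetical helper type: a fixed buffer plus a count of bytes written. */
struct bounded_buf {
    char   data[BUF_MAX];
    size_t used;
};

/* Append len bytes from src. Returns 0 on success, -1 if the request
 * would exceed the buffer; a denied request leaves the buffer unchanged. */
int bb_append(struct bounded_buf *b, const void *src, size_t len)
{
    if (b == NULL || src == NULL)
        return -1;
    /* Compare against the space left; "used + len > BUF_MAX" could wrap. */
    if (len > BUF_MAX - b->used)
        return -1;
    memcpy(b->data + b->used, src, len);
    b->used += len;
    return 0;
}

/* Fill with 'A' as func() does, but check the count before writing. */
int fill_checked(struct bounded_buf *b, size_t count)
{
    size_t i;

    if (b == NULL || count > BUF_MAX - b->used)
        return -1;               /* deny the whole request, write nothing */
    for (i = 0; i < count; i++)
        b->data[b->used + i] = 'A';
    b->used += count;
    return 0;
}

int main(void)
{
    struct bounded_buf b = { .used = 0 };

    printf("fill 256 bytes: %d\n", fill_checked(&b, 256));
    printf("fill 1 more:    %d\n", fill_checked(&b, 1));
    return 0;
}
```

Because the check runs before any byte is written, a request that is too large is rejected outright rather than truncated.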
