From: Florian Weimer <fw@deneb.enyo.de>
To: "Joseph S. Myers" <jsm28@cam.ac.uk>
Cc: <gcc@gcc.gnu.org>
Subject: Re: Buffer Overflow Attacks
Date: Sun, 14 Oct 2001 12:14:00 -0000 [thread overview]
Message-ID: <87y9meypy7.fsf@deneb.enyo.de> (raw)
In-Reply-To: <Pine.LNX.4.33.0110141856480.24055-100000@kern.srcf.societies.cam.ac.uk>
"Joseph S. Myers" <jsm28@cam.ac.uk> writes:
> On Sun, 14 Oct 2001, Florian Weimer wrote:
>
>> According to the language standard, buffer overflow detection for
>> character pointer types is possible only for buffers which are not
>> nested in other objects (in struct or union objects). Overflowing
>> character buffers has a well-defined effect if the buffer is contained
>> in an object (and other objects follow the buffer inside this object),
>> so a C implementation is not free to detect such errors (which is only
>> possible if the buffer overflow triggers undefined behavior). ;-)
>
> This is a gross over-simplification of the problem of exactly when an
> object can be accessed through a given pointer. For details see Nick
> Maclaren's "What is an object when it is at home?" paper, except that I
> don't think he's published it beyond the UK and WG14 reflectors. For
> examples where the committee has ruled that bounds of sub-objects can't be
> exceeded, see DR#017 question 16, and DRs #051 and #178 relating to the
> "struct hack".
The struct hack for character arrays results in strictly conforming
programs because arithmetic on pointers to a character type is not
restricted in any way, as long the enclosing object is not left. This
is a consequence of 6.3.2.3(7).
However, this only applies to pointers to a character type, and not to
other pointer types. Of course, it's clearly not desirable that types
which are used to implement the frequently used string idiom have this
property, but that's the way the language is defined.
next prev parent reply other threads:[~2001-10-14 12:14 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-10-14 8:01 dewar
2001-10-14 10:25 ` Florian Weimer
2001-10-14 11:08 ` Joseph S. Myers
2001-10-14 12:14 ` Florian Weimer [this message]
2001-10-14 12:29 ` Joseph S. Myers
2001-10-18 15:02 ` Michael Eager
-- strict thread matches above, loose matches on Subject: below --
2001-10-31 16:39 mike stump
2001-10-18 17:00 mike stump
2001-10-31 10:01 ` Florian Weimer
2001-10-14 12:25 dewar
2001-10-14 5:32 Frank Pilhofer
2001-10-14 7:33 ` Carlo Wood
2001-10-14 10:50 ` Florian Weimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87y9meypy7.fsf@deneb.enyo.de \
--to=fw@deneb.enyo.de \
--cc=gcc@gcc.gnu.org \
--cc=jsm28@cam.ac.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).