From mboxrd@z Thu Jan 1 00:00:00 1970 From: Florian Weimer To: "Joseph S. Myers" Cc: Subject: Re: Buffer Overflow Attacks Date: Sun, 14 Oct 2001 12:14:00 -0000 Message-id: <87y9meypy7.fsf@deneb.enyo.de> References: X-SW-Source: 2001-10/msg00822.html "Joseph S. Myers" writes: > On Sun, 14 Oct 2001, Florian Weimer wrote: > >> According to the language standard, buffer overflow detection for >> character pointer types is possible only for buffers which are not >> nested in other objects (in struct or union objects). Overflowing >> character buffers has a well-defined effect if the buffer is contained >> in an object (and other objects follow the buffer inside this object), >> so a C implementation is not free to detect such errors (which is only >> possible if the buffer overflow triggers undefined behavior). ;-) > > This is a gross over-simplification of the problem of exactly when an > object can be accessed through a given pointer. For details see Nick > Maclaren's "What is an object when it is at home?" paper, except that I > don't think he's published it beyond the UK and WG14 reflectors. For > examples where the committee has ruled that bounds of sub-objects can't be > exceeded, see DR#017 question 16, and DRs #051 and #178 relating to the > "struct hack". The struct hack for character arrays results in strictly conforming programs because arithmetic on pointers to a character type is not restricted in any way, as long the enclosing object is not left. This is a consequence of 6.3.2.3(7). However, this only applies to pointers to a character type, and not to other pointer types. Of course, it's clearly not desirable that types which are used to implement the frequently used string idiom have this property, but that's the way the language is defined.