Pour obtenir une clé
d'essai remplissez le formulaire ci-dessous
Demandez des tariffs
Nouvelle licence
Renouvellement de licence
--Sélectionnez la devise--
USD
EUR
RUB
* En cliquant sur ce bouton, vous acceptez notre politique de confidentialité

Free PVS-Studio license for Microsoft MVP specialists
To get the licence for your open-source project, please fill out this form
** En cliquant sur ce bouton, vous acceptez notre politique de confidentialité.

I am interested to try it on the platforms:
** En cliquant sur ce bouton, vous acceptez notre politique de confidentialité.

Votre message a été envoyé.

Nous vous répondrons à


Si vous n'avez toujours pas reçu de réponse, vérifiez votre dossier
Spam/Junk et cliquez sur le bouton "Not Spam".
De cette façon, vous ne manquerez la réponse de notre équipe.

>
>
>
Buffer overflow

Buffer overflow

31 Mar 2013

Buffer overflow is an issue when a program is writing or reading data outside the buffer allocated in memory for this purpose. It usually occurs because of incorrect data and memory handling when the programming subsystem and operating system don't provide strict protection against this error. This type of errors is rather frequent and usually caused by misprints. There is also a related error - buffer underflow.

The Buffer Overflow and Buffer Underflow errors often cause uninitialized data to be used in the program and, as a consequence, its undefined behavior. Buffer overflow may also cause segmentation faults (Access Violation).

Since most high-level languages arrange program data in the process stack mixing them with control data, exploiting buffer overflows is one of the most popular hacking methods, as it allows an intruder to load and execute any machine code for the program and have the rights of the user account under which the program is running.

In such popular languages as C and C++ there is no integrated check of data reading/writing boundaries. This is a sacrifice for the efficient low-level memory handling. On the other hand, almost all the interpretive languages and JIT environments (Java RTE, .NET Framework) have an internal protection against buffer overflow.

To prevent using the buffer overflow vulnerability when executing a program there exist stack-smashing protection systems (Libsafe, StackGuard) and executable space protection systems. The difficulty of dynamic buffer overflow detection is determined by the fact that the program might work stably for a long time as long as uninitialized memory stores suitable values and the writable memory area is not used. Static analysis allows to find buffer overflow errors and related loopholes at the stage of code writing/debugging.

Here are several examples of this error detected in the code of real open-source projects with the PVS-Studio static analyzer.

The MAME project (game emulator). Buffer overflow.

#define CHD_SHA1_BYTES 20
#define CHD_V4_HEADER_SIZE 108
#define CHD_MAX_HEADER_SIZE CHD_V4_HEADER_SIZE

static chd_error header_read(...., chd_header *header)
{
  UINT8 rawheader[CHD_MAX_HEADER_SIZE];
  ...
  memcpy(header->parentsha1, &rawheader[100], CHD_SHA1_BYTES);
  ...
}

The 'rawheader' array consists of 108 bytes. The programmer intended to copy its contents starting with byte 100. The trouble is we will get outside the array boundaries: we're copying 20 bytes, while its only 8 bytes that can be copied.

Now consider an example of buffer underflow error. This is the Chromium project.

void Time::Explode(..., Exploded* exploded) const {
  ...
  ZeroMemory(exploded, sizeof(exploded));
  ...
}

The ZeroMemory function clears only a part of the Exploded structure. The reason is that the 'sizeof' operator returns the pointer size. We need to dereference the pointer to fix the error.

ZeroMemory(exploded, sizeof(*exploded));

Other samples of errors and vulnerabilities detected with the help of the static analysis methodology can be found here.

References

Comments (0)

Next comments
Unicorn with delicious cookie
Nous utilisons des cookies pour améliorer votre expérience de navigation. En savoir plus
Accepter