buffer-overrun

I just found out that there is a STATUS_STACK_BUFFER_OVERRUN and a STATUS_STACK_OVERFLOW. What's the difference between those 2? I just found Stack overflow (stack exhaustion) not the same as stack buffer overflow but either it doesn't explain it or I don't understand it. Can you help me out? Regards Tobias Consider the following stack which grows downward in memory: +----------------+ | some data | | +----------------+ | growth of stack | 20-byte string | V +----------------+ limit of stack A buffer overrun occurs when you write 30 bytes to your 20-byte string. This corrupts entries further

Can there be buffer overflow/overrun vulnerabilities in completely managed asp.net web portal.If yes how can this be tested. Not unless you exploit the webserver or .NET/ASP.NET stack itself. In the general case, you don't need to worry about buffer overruns. This is one of the major advantages of managed code, garbage collection being perhaps the other major advantage. There are a few edge cases that you should be aware of - any time your managed code interacts with unmanaged code (Win32 API calls, COM interop, P/Invoke, etc) there is a potential for buffer overruns in the unmanaged code,

From man gets : Never use gets(). Because it is impossible to tell without knowing the data in advance how many characters gets() will read, and because gets() will continue to store characters past the end of the buffer, it is extremely dangerous to use. It has been used to break computer security. Use fgets() instead. Almost everywhere I see scanf being used in a way that should have the same problem ( buffer overflow/buffer overrun ): scanf("%s",string) . This problem exists in this case? Why there are no references about it in the scanf man page? Why gcc does not warn when compiling this

If you are someone who programs in C or C++, without the managed-language benefits of memory management, type checking or buffer overrun protection, using pointer arithmetic, how do you make sure that your programs are safe? Do you use a lot of unit tests, or are you just a cautious coder? Do you have other methods? All of the above. I use: A lot of caution Smart Pointers as much as possible Data structures which have been tested, a lot of standard library Unit tests all the time Memory validation tools like MemValidator and AppVerifier Pray every night it doesn't crash on customer site.

I've been asked to maintain a large C++ codebase full of memory leaks. While poking around, I found out that we have a lot of buffer overflows that lead to the leaks (how it got this bad, I don't ever want to know). I've decided to removing the buffer overflows first. To make my bug-hunting easier, what tools can be used to check for buffer overruns? On Linux I'd use Valgrind. Consider using more modern data structures as a way of avoiding buffer overflows. Reading into a std::string won't overflow, and std::vectors are much safer than arrays. I don't know what your application is, and it's

Does Java have buffer overflows? If yes can you give me scenarios? Since Java Strings are based on char arrays and Java automatically checks array bounds, buffer overflows are only possible in unusual scenarios: If you call native code via JNI In the JVM itself (usually written in C++) The interpreter or JIT compiler does not work correctly (Java bytecode mandated bounds checks) Managed languages such as Java and C# do not have these problems, but the specific virtual machines (JVM/CLR/etc) which actually run the code may. For all intents and purposes, no. Java has array bounds checking which