Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Bounds checking - historical aside

From: r.fulton () AUCKLAND AC NZ (Russell Fulton)
Date: Tue, 21 Jul 1998 14:18:42 +1200

[Aleph One:  This is a little historical aside on the issue of bounds
checking]

On Sat, 18 Jul 1998 00:51:55 +0000 Niall Smart <rotel () indigo ie> wrote:


There are at least 3 ways to solve the problem of buffer overflows:

 1) Use a language which doesn't involve manipulation of buffers at
    the language level, e.g. Java.

 2) Use a compiler which will generate code such that it will
    never overflow a buffer, e.g. one of the Ada/Modula/Pascal
    compilers, or the hypothetical bounds checking C compiler.

 3) Write programs which will never overflow their buffers.



I will add another:

   4) Use hardware that supports bounds checking.

OK This isn't an option for most of us since most HW architectures that
we are currently stuck with don't implement bounds checking. Going back
a few years (mid 70's) we had a Burroughs B6700 which had a stack based
architechure and used a segmentent memory model.  Each array or string
was allocated its own segment and was accessed through a descriptor
which held base address and bounds information.  There was a hardware
index instruction which retrieved the data and performed the bounds
check potentially in parallel.  (There were also hardware string copy
and compare operators).

In those days FORTRAN ruled and we often had visiting staff trying to
run their programs on the B6700 only to have is spit it out with an
"INVALID INDEX" message.  The usual response was "What's wrong with
your computer, this program is in use by 100s of people all over the
world and I have been using it for x years without problems".

The more things change the more they stay the same.

I have very fond memories of the B6700, it was by far the best machine
I ever worked on.

Cheers, Russell.
Previous By Date Next
Previous By Thread Next

Current thread: