Bugtraq mailing list archives
Re: "Buffer overflow" term considered overloaded
From: "Dave \"No, not that one\" Korn" <davek_throwaway () hotmail com>
Date: Mon, 25 Sep 2006 02:46:34 +0100
Steven M. Christey wrote:
> In "Re: IE ActiveX 0day?" to Bugtraq on September 18, Alexander Sotirov asked:
>
> > What is your definition of memory corruption? How can a buffer overflow not be a memory corruption error?
>
> The term "buffer overflow" continues to be too general for the variety of issues out there. Array index/offset errors, buffer "underflows," out-of-bounds reads, frees of invalid pointers, length field inconsistencies, off-by-ones, insufficient memory allocation that is resultant from integer overflows, other kinds of incorrect size calculations, and other problems all involve memory access outside of expected boundaries, so they are called "buffer overflows." But they are different than the "classic" overflows that strcpy() is known for.

Indeed. The distinction between "heap overflow" and "stack overflow" is far more information-bearing than the generic description "buffer overflow."

cheers,
DaveK
--
Can't think of a witty .sigline today....