Re: [Lit.] Buffer overruns
From: D. J. Bernstein (djb_at_cr.yp.to)
Date: 12/27/04
Date: Mon, 27 Dec 2004 21:37:14 +0000 (UTC)
Douglas A. Gwyn wrote:
> None of that has anything to do with code that
> obliviously tries to put more data into an object than
> will fit into it, which is the topic of this thread.
Resources are limited, Doug. There's always a risk of running out of
space. That's life. What exactly should a program do when it runs out of
space for storing something?
Scribbling all over memory (or disk space)---for example, overwriting a
return address---is obviously bad. What the program should do instead is
raise an exception. Some applications handle the exception by trying
again later; other applications inform another program, or a user, to
try again later, or to give up if there's no hope.
My sample program illustrates this. If it runs out of space, it notices,
and it raises an exception (communicated through its exit code), exactly
as it should. The basic point you keep missing is that C MAKES THIS
UNNECESSARILY DIFFICULT. It's easier, in C, to scribble all over memory.
I had to include an extra line of code in the program to make it behave
properly; see the len comparison at the top of the inner loop?
There are other programming environments that fix this ease-of-use
problem. These programming environments make my good program easier to
write---I don't need to bother with the len comparison!---while making a
bad scribble-all-over-memory program much harder to write.
---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago
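
The sample program this message refers to is not reproduced on this page. The following is an added example, not Bernstein's code, showing the pattern the message describes: a length comparison at the top of the inner loop and an out-of-space condition reported through the exit code. The names `record`, `copy_lines`, `run`, the capacity `CAP`, the guard value and the exit code 111 are all assumptions made for illustration.

```c
#include <stddef.h>

#define CAP 8
#define EXIT_NOSPACE 111   /* constructed exit code: "out of space, try again later" */
#define GUARD 0xC0FFEEu    /* constructed guard value placed after the buffer */

struct record {
    char data[CAP];
    unsigned guard;        /* sits after data; an unchecked copy would overwrite it */
    size_t len;
};

/* Copy each newline-terminated line of input into r in turn.
   Returns 0 if every line fit, EXIT_NOSPACE as soon as one does not. */
int copy_lines(struct record *r, const char *input, size_t *lines)
{
    *lines = 0;
    while (*input) {                        /* outer loop: one line per pass */
        r->len = 0;
        while (*input && *input != '\n') {  /* inner loop: one byte per pass */
            if (r->len == CAP)              /* the extra line: length comparison */
                return EXIT_NOSPACE;        /* report the condition, do not scribble */
            r->data[r->len++] = *input++;
        }
        if (*input == '\n')
            input++;
        ++*lines;
    }
    return 0;
}

/* Run copy_lines on input and check that memory after the buffer is untouched.
   Returns -1 if the guard was overwritten, otherwise copy_lines' result. */
int run(const char *input)
{
    struct record r = { {0}, GUARD, 0 };
    size_t lines;
    int rc = copy_lines(&r, input, &lines);
    return r.guard == GUARD ? rc : -1;
}

int main(void)
{
    /* constructed input: the second line is longer than CAP */
    return run("ok\nthis line is too long\n");
}
```

Deleting the `r->len == CAP` line leaves a program that still compiles and that writes past `data` on the second line, which is the ease-of-use problem the message is pointing at.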