Re: [Lit.] Buffer overruns

From: Brian Inglis (Brian.Inglis_at_SystematicSW.Invalid)
Date: 02/01/05

Next message: Phil Carmody: "Re: [Lit.] Buffer overruns"
Previous message: BRG: "Re: [Lit.] Buffer overruns"
In reply to: Steve O'Hara-Smith: "Re: [Lit.] Buffer overruns"
Next in thread: Steve O'Hara-Smith: "Re: [Lit.] Buffer overruns"
Reply: Steve O'Hara-Smith: "Re: [Lit.] Buffer overruns"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 01 Feb 2005 15:02:10 GMT

On Tue, 1 Feb 2005 11:00:55 +0000 in alt.folklore.computers, Steve
O'Hara-Smith <steveo@eircom.net> wrote:

>On Tue, 1 Feb 2005 06:37:13 +0000 (UTC)
>infobahn <infobahn@btinternet.com> wrote:
>
>> David Wagner wrote:
>> >
>> > infobahn wrote:
>> > >I take overruns far /more/ seriously than many
>> > >of the security people who've discussed the matter here.
>> >
>> > I would have thought someone who really took buffer overruns seriously
>> > would strive to use both the most careful development methodology they
>> > could
>> > afford *and* ABC.
>>
>> Oh, be nice. :-)
>>
>> I've tried hard to understand how you could possibly need ABC in
>> production, and I have begun to realise that it /is/ necessary if
>> your programmers don't actually understand the C language in
>
> Adding ABC to C is *really* difficult. Any function that takes
>a pointer as an argument has no access to information on the bounds for
>manipulating that pointer, to make matters worse those bounds may be
>determined at run time (eg. in a malloc call) or at compile time and
>the function may live in a shared library. I won't say it's impossible
>to do ABC for C, but it's certainly not easy. To make ABC easy to implement
>you have to use a base and offset paradigm instead of a pointer paradigm.

base == pointer, offset == 0; any easier?

-- 
Thanks. Take care, Brian Inglis 	Calgary, Alberta, Canada
Brian.Inglis@CSi.com 	(Brian[dot]Inglis{at}SystematicSW[dot]ab[dot]ca)
    fake address		use address above to reply

Next message: Phil Carmody: "Re: [Lit.] Buffer overruns"
Previous message: BRG: "Re: [Lit.] Buffer overruns"
In reply to: Steve O'Hara-Smith: "Re: [Lit.] Buffer overruns"
Next in thread: Steve O'Hara-Smith: "Re: [Lit.] Buffer overruns"
Reply: Steve O'Hara-Smith: "Re: [Lit.] Buffer overruns"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Why ABCs make bad Interfaces
... > equivalent to an Abstract Base Class (ABC). ... > because it is common practice to implement an interface using ABC's. ... To convert an object to its interface, you return a fat pointer ... The NaiveInt constructor has to set up the vtables, ...
(comp.object)
Re: Validating a Pointer ! Segmentation fault
... Now, sometimes I get SEG fault, that's because memory pointed to by ... abc is not always valid, but most of the time it is. ... Execute a system call which takes a pointer to some area in userpace ... memory as one if its arguments and see if it fails ...
(comp.unix.programmer)
Re: offsetof
... char *abc; ... I have pointer to tmp variable in this structure. ... offsetoffunction to access value stored in abc. ...
(comp.lang.c)
Re: How do I reuse a pointer?
... Beverage* pbeverage = new Espresso; ... and you use a pointer by mistake after having called ... you're likely to get a memory fault. ... Abc* abc = new Abc; ...
(microsoft.public.vc.language)
Re: [Lit.] Buffer overruns
... manipulating that pointer, to make matters worse those bounds may be ... to do ABC for C, ... To make ABC easy to implement ... you have to use a base and offset paradigm instead of a pointer paradigm. ...
(sci.crypt)