Re: Public disclosure of discovered vulnerabilities

From: Nick Maclaren (nmm1_at_cus.cam.ac.uk)
Date: 06/09/05 

Date: 9 Jun 2005 13:50:03 GMT

In article <d89g21$9l0$2@agate.berkeley.edu>,
daw@taverner.cs.berkeley.edu (David Wagner) writes:
|> Vernon Schryver wrote:
|> >I can't think what you might mean by "stack overflow."
|>
|> "stack overflow" is a term that refers to a buffer overrun
|> in a buffer stored on the stack. e.g.,
|> void f() {
|> char buf[80];
|> gets(buf);
|> }
|> That's a stack overflow, because buf[] is a stack-allocated buffer.

No, that's a buffer overrun. A stack overflow is when an area
of data is provided for use as a stack, and the program fails
to stop the recursion or nesting before it goes over the end
(i.e. there are too many levels or they are too large for the
space available). That area may or may not be the 'ordinary'
stack, and may contain any kind of data - from plain integers
through interrupts to hardware states.

The specific case of buffer overruns for buffers placed on the
primary stack (especially a falling one) is somewhat easier to
use to break security than many other forms, which is why it has
got so much attention and some people have attempted to hijack
the term "stack overflow" for it. But that is erroneous.

Regards,
Nick Maclaren.

Quantcast