Spring Speed Leap: AMD Athlon64 FX-53

Buffer Overflow: The Dangers

A buffer overflow can occur in two cases: either when too much data are written to the buffer in RAM or when the latter proves to be too small. Good software manages the worst cases of buffer overflow and, in ideal cases, can catch all critical exceptions by changing the buffer size or denying some or all of the data headed for the buffer or by amending it.

The problem with a buffer overflow is that adjoining memory areas are overwritten. The very worst thing that can happen is when data content is not entirely "wiped" (segmentation fault), but is simply defective. You don't need to be told how quickly sequence errors snowball, and how difficult it is to analyze what went wrong after the event.

Overflowing a buffer by entering excessive values is not a cause for total disaster as only data are overwritten - the program running is elsewhere in the main memory. Hence a program has to be spirited in - the actual virus.

The whole thing gets perilous when local variables overflow. These are saved to that part of the memory called the stack, together with the return address of program to be executed. Once a hacker has figured out a way to deliberately create an overflow, he can change the return address at will and thus execute a program without the user's assent.

This becomes possible through a simple string function that copies the values in the stack from one address to another. No automatic check is made to verify whether the target address has enough space. The hacker can thus comfortably overwrite the adjoining return address as well.

You might say that malicious programs take up more space than a few Bytes or kiloBytes on the stack. In practice, however, this is all that's needed. Windows, after all, provides hundreds of service programs and function libraries (DLLs - Dynamic Link Libraries) that the virus is also free to abuse.

To nip these scenarios in the bud, blocking memory areas (return address) in the event of a buffer overflow is obviously an option. Microsoft, however, has yet to come up with the goods in this respect. Solaris or Linux, meanwhile, enabled NX long ago.