Skip to main content

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

2
  • i could definitely see how one could take advantage of this (as you can access all memory of the machine). I guess the idea is that it all depends on the specific situation - in this, the application does not bounds check the allocation of an array, where the array's size is an integer. My mind was stuck on the simple 'buffer overflow' and was thinking there was some way to have 'int x = y + z * w' where y and z and w were all user defined, and in that statement could somehow write over memory in a reliable fashion. Commented May 26, 2010 at 15:25
  • 1
    Well, my example has the application doing a bounds check on array allocation, but in effect that check is defeated by having overflow in array bound itself. You can make your example work like this: x=y+z; data[x] where the computation for x overflows. In C, there is no complaint; you get by definition @(&data+x). If you can set to x to anything (by overflow), you can access anything. Commented May 26, 2010 at 17:22