c++ - Consequences of this buffer overflow?


So here I believe I have found a small buffer overflow problem while reviewing someone else's code. It immediately struck me as wrong and possibly dangerous, but admittedly I cannot work out the real consequences of this "mistake", if any.

I wrote a test app to demonstrate the error, but found (to my dismay) that it seems to run correctly regardless of the overflow. I want to believe that this is just chance, but I need some feedback to decide whether my thinking was wrong or whether there really is a problem here that just isn't showing its head in my test app.

Problem code (I think so, anyway):

    char * buffer = new char[strlen("this string is 27 letters long" + 1)];
    sprintf(buffer, "this string is 27 letters long");

Now, the reason this stood out to me, and why I want to flag it as a potential buffer overflow, is that the first strlen, because of the pointer arithmetic, will return the length of "his string is 27 letters long" (the incorrect placement of the '+ 1' skips the first character instead of adding room for the terminator). sprintf, I believe, then prints 27 characters into buffer and causes a buffer overflow.

Is this an accurate assessment?

I wrote a test to show this to the person whose code I was reviewing, and found that the string even printed correctly in the debugger. I also tried inserting other variables on the stack and heap before and after this code to see if I could affect the neighbouring areas of memory, but I still got the correct output. I know that my newly allocated heap memory may not be contiguous, which would explain the lack of a useful overflow, but I really want others to confirm whether this is indeed an issue.

This is a very simple "question", but if you can support your answer with a reference, that would be good. While I appreciate and welcome your input, I am not accepting "yes it is" as the final answer. Thanks in advance.



Update: Several good answers with additional information; unfortunately, I cannot accept all of them. Thank you for sharing your knowledge and for the 'second opinion'. I appreciate the help.

Your assessment is correct (in addition to the improvements mentioned by James Coon).

It is possible that your test app does not show the problem because the allocation is rounded up to the next multiple of 4, 8 or 16 (the common allocation granularities).

This means you should be able to demonstrate it with a string 31 characters long.

Alternatively, use an "instrumenting" native memory profiler, which can catch the bits hanging around such an allocation.
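As an added example (not code from the question or the answer), the following C++ works out why the misplaced "+ 1" under-allocates, how far sprintf runs past the allocation, when the allocator's rounding padding assumed in the answer (4, 8 or 16 bytes, an assumption here) hides the write, and what the hardened version looks like. The function names and the 32-character test string are constructed for this example.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

// Bytes the buggy allocation reserves: strlen() is applied to (s + 1), the
// string minus its first character, so the result is strlen(s) - 1.
// This reproduces the misplaced "+ 1" from the question; it is not a fix.
// Assumes s is non-empty (s + 1 past an empty string's NUL is undefined).
std::size_t buggy_alloc_size(const char* s) {
    return std::strlen(s + 1);
}

// Bytes sprintf(buffer, s) actually writes: every character plus the NUL.
std::size_t bytes_written(const char* s) {
    return std::strlen(s) + 1;
}

// How many bytes the write runs past the end of the buggy allocation.
std::size_t overflow_bytes(const char* s) {
    return bytes_written(s) - buggy_alloc_size(s);
}

// True when the overflow stays inside the slack an allocator leaves after
// rounding the request up to `granularity` bytes (the answer's explanation
// of why the test app appeared to work). Granularity is an assumption.
bool hidden_by_padding(const char* s, std::size_t granularity) {
    std::size_t rounded =
        (buggy_alloc_size(s) + granularity - 1) / granularity * granularity;
    return bytes_written(s) <= rounded;
}

// Hardened form: "+ 1" outside strlen() so the NUL is counted, and a
// bounded snprintf so the write can never exceed the allocation.
std::string safe_copy(const char* s) {
    const std::size_t n = std::strlen(s) + 1;
    char* buffer = new char[n];
    std::snprintf(buffer, n, "%s", s);   // %s: s is data, not a format string
    std::string out(buffer);
    delete[] buffer;
    return out;
}
```

For the 30-character literal from the question the write overruns by 2 bytes but lands inside 4-byte rounding slack, which is why nothing visibly breaks; a 32-character string pushes the write past that slack, and AddressSanitizer (-fsanitize=address) reports either case without relying on padding.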

