

Corrupting Memory in C Programs
An Introduction


Prof. David Bernstein
James Madison University

Computer Science Department
bernstdh@jmu.edu


Motivation
  • Characteristics of C:
    • Lightweight - Many things are the responsibility of the programmer, not the language
    • Permissive - The language does not prevent the programmer from doing almost anything
    • Close to the Machine - Many operations are defined in terms of how the target machine's hardware does it, not a general abstract rule
  • An Implication:
    • C programs often manipulate memory at a low level and, hence, can corrupt memory
Kinds of Corruptions
  • Resulting from Buffer Overflow:
    • Using memory locations adjacent to a buffer (e.g., an explicit array, a string)
  • Resulting from Pointer Defects:
    • Using pointers to inappropriate addresses
What Can Be Corrupted?
  • Which Entities?
    • Values
    • Pointers to values
    • Pointers to functions
    • Return addresses
  • Which Memory Segments?
    • Data segment
    • Stack
    • Heap
A String Overflow in the Data Segment
cexamples/bufferoverflow/unix/string_overflow_data.c
 
A String Overflow on the Stack
cexamples/bufferoverflow/unix/string_overflow_stack.c
 

Note: Many C compilers now try to mitigate overflows on the stack (e.g., by inserting stack canaries, or by placing character arrays at the highest addresses in the stack frame so an overrun cannot reach the other locals). Hence, these mitigations may need to be disabled (temporarily) to see what can happen in their absence (e.g., by compiling with -fno-stack-protector).
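An added example (not from the slides or the linked cexamples files): a guard word placed right after a fixed-size buffer, a hand-rolled version of the stack canary the note above mentions, next to a bounded copy that refuses input too large for the buffer. The struct, the function names and the guard value are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size buffer with a guard word right after it: a copy that runs past
 * buf lands on guard. This is the idea behind the stack canaries mentioned
 * in the note above, done by hand here so the effect can be checked. */
#define BUF_SIZE 8
#define GUARD_MAGIC 0xA5C3F00Du   /* assumed value for this example */
struct guarded_buf {
    char buf[BUF_SIZE];
    uint32_t guard;
};

void guarded_init(struct guarded_buf *g) {
    memset(g->buf, 0, sizeof g->buf);
    g->guard = GUARD_MAGIC;
}
/* 1 if the guard still holds its value, 0 if something wrote over it. */
int guard_intact(const struct guarded_buf *g) { return g->guard == GUARD_MAGIC; }

/* Bounded replacement for strcpy(): rejects input that does not fit together
 * with its terminating NUL. Returns 0 on success, -1 on rejection (buf unchanged). */
int copy_bounded(struct guarded_buf *g, const char *src) {
    size_t n = strlen(src);
    if (n >= sizeof g->buf)
        return -1;
    memcpy(g->buf, src, n + 1);
    return 0;
}

/* Models an unchecked copy of len bytes into buf (the strcpy pattern on the
 * slides). A real overrun is undefined behaviour, so the write goes through a
 * byte view of the whole object instead, which stays defined and lets
 * guard_intact() observe the damage. Returns the bytes spilled past buf. */
size_t simulate_unchecked_copy(struct guarded_buf *g, size_t len) {
    if (len > sizeof *g)
        len = sizeof *g;
    memset((unsigned char *)g, 'A', len);
    return len > sizeof g->buf ? len - sizeof g->buf : 0;
}

int main(void) {
    struct guarded_buf g;
    guarded_init(&g);
    int rc = copy_bounded(&g, "Hello World!");        /* 12 chars: rejected */
    printf("bounded copy: %d, guard intact: %d\n", rc, guard_intact(&g));
    size_t spilled = simulate_unchecked_copy(&g, 12); /* 4 bytes hit guard */
    printf("spilled %zu bytes, guard intact: %d\n", spilled, guard_intact(&g));
    return 0;
}
```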

A Pointer Defect on the Stack
cexamples/memorycorruption/unix/pointer_defect_stack.c
 
There's Always More to Learn