Corrupting Memory in C Programs

Corrupting Memory in C Programs
An Introduction

Prof. David Bernstein
James Madison University

Computer Science Department

bernstdh@jmu.edu

Motivation

Characteristics of C:
- Lightweight - Many things are the responsibility of the programmer, not the language
- Permissive - The language does not prevent the programmer from doing almost anything
- Close to the Machine - Many operations are defined in terms of how the target machine's hardware does it, not a general abstract rule
An Implication:
- C programs often manipulate memory at a low level and, hence, can corrupt memory

Kinds of Corruptions

Resulting from Buffer Overflow:
- Using memory locations adjacent to a buffer (e.g., an explicit array, a string)
Resulting from Pointer Defects:
- Using pointers to inappropriate addresses

What Can Be Corrupted?

Which Entities?
- Values
- Pointers to values
- Pointers to functions
- Return addresses
Which Memory Segments?
- Data segment
- Stack
- Heap

A String Overflow in the Data Segment

cexamples/bufferoverflow/unix/string_overflow_data.c

A String Overflow on the Stack

cexamples/bufferoverflow/unix/string_overflow_stack.c

Note: Many C compilers now try to mitigate overflows on the stack (e.g., using stack canaries, locating strings at the highest addresses). Hence, these mitigations may need to be disabled (temporarily) to see what can happen in their absence (e.g., using -fno-stack-protector).

A Pointer Defect on the Stack

cexamples/memorycorruption/unix/pointer_defect_stack.c

There's Always More to Learn