{"title":"跟踪系统bug:为什么缓冲区溢出仍然存在?","authors":"C. Owen","doi":"10.1145/1294046.1294112","DOIUrl":null,"url":null,"abstract":"A buffer overrun is caused by the limited size of a string variable's allocated space and the unlimited size of the actual string that is stored in the space. In the C programming language, it is the programmer's responsibility to make sure the actual string size does not exceed the size of the space allocated for it. However, programmers sometimes fail to put in the necessary checks for string size. It is possible, when programming in C, to write past the end of the current string and into the allocated space for an entirely different variable. The affected variable may or may not be another string. However, the integrity of both variables will be compromised. This paper will present the results of an experiment which shows exactly what happens when strings and other variables are compromised in this way. Writing beyond the end of a string allocation seems like a trivial problem. These faults should be easy to find and fix. However, in reality, they are nearly impossible to find in many situations. The experiment makes the problem very clear so that everyone will understand why these faults are not easy to find and fix before they cause serious problems. Since this is a C programming language problem, and both Windows and Unix operating systems are written mostly in C, many system errors may be a result of this problem. Understanding the problem can save countless hours in system debugging.","PeriodicalId":277737,"journal":{"name":"Proceedings of the 35th annual ACM SIGUCCS fall conference","volume":"8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Tracking system bugs: why are buffer overruns still around?\",\"authors\":\"C. Owen\",\"doi\":\"10.1145/1294046.1294112\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A buffer overrun is caused by the limited size of a string variable's allocated space and the unlimited size of the actual string that is stored in the space. In the C programming language, it is the programmer's responsibility to make sure the actual string size does not exceed the size of the space allocated for it. However, programmers sometimes fail to put in the necessary checks for string size. It is possible, when programming in C, to write past the end of the current string and into the allocated space for an entirely different variable. The affected variable may or may not be another string. However, the integrity of both variables will be compromised. This paper will present the results of an experiment which shows exactly what happens when strings and other variables are compromised in this way. Writing beyond the end of a string allocation seems like a trivial problem. These faults should be easy to find and fix. However, in reality, they are nearly impossible to find in many situations. The experiment makes the problem very clear so that everyone will understand why these faults are not easy to find and fix before they cause serious problems. Since this is a C programming language problem, and both Windows and Unix operating systems are written mostly in C, many system errors may be a result of this problem. Understanding the problem can save countless hours in system debugging.\",\"PeriodicalId\":277737,\"journal\":{\"name\":\"Proceedings of the 35th annual ACM SIGUCCS fall conference\",\"volume\":\"8 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-10-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 35th annual ACM SIGUCCS fall conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1294046.1294112\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 35th annual ACM SIGUCCS fall conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1294046.1294112","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Tracking system bugs: why are buffer overruns still around?
A buffer overrun is caused by the limited size of a string variable's allocated space and the unlimited size of the actual string that is stored in the space. In the C programming language, it is the programmer's responsibility to make sure the actual string size does not exceed the size of the space allocated for it. However, programmers sometimes fail to put in the necessary checks for string size. It is possible, when programming in C, to write past the end of the current string and into the allocated space for an entirely different variable. The affected variable may or may not be another string. However, the integrity of both variables will be compromised. This paper will present the results of an experiment which shows exactly what happens when strings and other variables are compromised in this way. Writing beyond the end of a string allocation seems like a trivial problem. These faults should be easy to find and fix. However, in reality, they are nearly impossible to find in many situations. The experiment makes the problem very clear so that everyone will understand why these faults are not easy to find and fix before they cause serious problems. Since this is a C programming language problem, and both Windows and Unix operating systems are written mostly in C, many system errors may be a result of this problem. Understanding the problem can save countless hours in system debugging.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
