[3246] in bugtraq
Re: libresolv+ bug
daemon@ATHENA.MIT.EDU (Julian Assange)
Thu Aug 22 03:20:32 1996
Date: Thu, 22 Aug 1996 10:53:36 +1000
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Julian Assange <proff@suburbia.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <4vfsd9$nfb@fludd.myrus> from "Zygo Blaxell" at Aug 21, 96 04:43:21 pm
> A simple and reasonably efficient implementation would simply arrange for
> arrays to be allocated at the end of a hardware memory page. So, assuming
> a CPU with a stack that grows downward, 4-byte ints and 4K pages, we have
> memory that might look like this:
>
> 0x00122000: 4096 unallocated, read/write prohibited bytes
> 0x00123000: 3996 unallocated bytes
>             100 bytes for 'buf'
> 0x00124000: 4096 unallocated, read/write prohibited bytes
> 0x00125000: 3096 unallocated bytes
>             1000 bytes for 'buf2'
> 0x00126000: 4096 unallocated, read/write prohibited bytes
> 0x00127000: unknown number of unallocated bytes
>             12 bytes for a, b, and c
>             stack frame for 'foo'
>             foo's caller's automatic variables and frame
>             foo's caller's caller's automatic variables and frame
>
> It's mostly safe to allow the stack frame for a function that is called
> by 'foo' to appear immediately before 'buf', but not safe to allow the
> non-array variables (a, b, c) to be there. Any buffer overrun at the high
> end of the buffer would cause a segmentation fault, but a buffer underrun
> at the low end of the buffer would silently clobber anything else in
> the same page. It would be caught if the overrun hit the low end of the
> page.
There is a malloc debugging package called "Electric Fence", developed at Pixar,
which does just this.
--
"Of all tyrannies a tyranny sincerely exercised for the good of its victims
may be the most oppressive. It may be better to live under robber barons
than under omnipotent moral busybodies. The robber baron's cruelty may
sometimes sleep, his cupidity may at some point be satiated; but those who
torment us for our own good will torment us without end, for they do so with
the approval of their own conscience." - C.S. Lewis, _God in the Dock_
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union |
|proff@suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+
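
The page layout quoted in this message, as an added example that is not part of the original post and is not Electric Fence's code: a buffer placed at the end of a read/write page with inaccessible pages around it, so an overrun faults at once while a short underrun lands silently in the same page. The names `guarded_alloc` and `write_faults` are hypothetical, and POSIX `mmap`, `mprotect` and `fork` are assumed.

```c
#define _DEFAULT_SOURCE 1   /* MAP_ANONYMOUS under strict -std= modes */
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: len bytes ending exactly where a PROT_NONE page begins,
 * with another PROT_NONE page below the read/write region. */
static char *guarded_alloc(size_t len)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t data = (len + page - 1) / page * page;   /* whole pages for the buffer */
    char *base = mmap(NULL, data + 2 * page, PROT_NONE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return NULL;
    if (mprotect(base + page, data, PROT_READ | PROT_WRITE) != 0) {
        munmap(base, data + 2 * page);
        return NULL;
    }
    return base + page + data - len;                /* buffer ends at the high guard */
}

/* Store one byte at buf[offset] in a child process.
 * Returns 1 if the store faulted, 0 if it went through, -1 on error. */
static int write_faults(size_t len, long offset)
{
    int status = 0;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        volatile char *buf = guarded_alloc(len);
        if (buf == NULL) _exit(2);
        buf[offset] = 'X';
        _exit(0);
    }
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status) == SIGSEGV || WTERMSIG(status) == SIGBUS ? 1 : -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0 ? 0 : -1;
}

int main(void)
{
    printf("in-bounds=%d overrun=%d underrun=%d\n", write_faults(100, 99),
           write_faults(100, 100), write_faults(100, -1));
    return 0;
}
```

For the 100-byte buffer, an underrun is only caught once it reaches below the start of the read/write page, which is the last case in the quoted text.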