Hi! Thanks for the question.
I have found some simple explanations of buffer overruns from the
following articles.
"In layman's terms, a system is vulnerable to buffer overruns when the
memory allocated for a given data transfer is not sufficient and data
overflows its allotted cup, so to speak. In and of itself, other than
data loss, an overrun is relatively benign. But hackers can use the
overrun to write code to other parts of the system that should be
protected. When malicious data (e.g., a virus) overflows its cup,
there's no telling how or where the data might damage the system."
"Microsoft's latest security problem"
http://www.computeruser.com/articles/daily/8,6,1,1126,01.html
"A buffer overrun is where a variable, that has a set storage limit
exceeds the storage limit. When this happens the data that goes over
the storage limit overwrites other places in the memory. This is
dangerous, because the spot where the memory is overwritten may be
shell information for the operating system, sensitive data, or other
important data. This can cause odd results within programs."
"Buffer Overruns"
http://ltpb.8m.com/tutorial/Buffer.html
"A buffer is a block of contiguous memory locations that a program has
reserved to hold data. An overrun occurs if a program allows a user to
enter more data into a buffer than it is designed to hold. For
example, if a user enters 101 bytes of data into a buffer that's only
100 bytes in size, the extra byte of data is going to overrun the
buffer."
"Most buffer overrun vulnerabilities are the result of poor practices
by programmers working with arrays in C and C++. These languages have
a number of built-in functions that allow more data to be entered into
an array than it's designed to hold. Programmers should avoid using
these functions, or they should write their code to check for invalid
input."
"Buffer Overrun Vulnerabilities in Microsoft Programs: Do You Really
Need to Apply All of the Security Patches?"
http://www.giac.org/practical/GSEC/Edward_Rietscha_GSEC.pdf
Search terms used:
"buffer Overruns" layman's terms
"what are buffer overruns"
I hope these links would help you in your research. Before rating this
answer, please ask for a clarification if you have a question or if
you would need further information.
Thanks for visiting us.
Regards,
Easterangel-ga
Google Answers Researcher
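
The 101-bytes-into-a-100-byte-buffer case from the third quote, with the input check it recommends, as an added C example (not from the answer or the quoted articles). The memory layout, the 0x7F marker value and all function names are constructed for illustration; the buffer and its neighboring byte share one array so that the overrun stays well-defined C.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE     100            /* the 100-byte buffer from the quote */
#define REGION_SIZE  (BUF_SIZE + 1) /* buffer plus one neighboring byte */
#define NEIGHBOR_OFF BUF_SIZE       /* first byte past the buffer */
#define NEIGHBOR_VAL 0x7F           /* constructed marker value */

/* Unchecked copy: trusts the caller's length, as the C library functions
   the quote warns about do. n must stay <= REGION_SIZE in this demo. */
static void copy_unchecked(unsigned char *mem, const unsigned char *in, size_t n)
{
    memcpy(mem, in, n);
}

/* Checked copy: rejects input that does not fit instead of truncating
   silently. Returns 0 on success, -1 if the input was refused. */
static int copy_checked(unsigned char *mem, const unsigned char *in, size_t n)
{
    if (n > BUF_SIZE)
        return -1;
    memcpy(mem, in, n);
    return 0;
}

/* Copies n bytes of 'A' into a fresh region and returns the neighboring
   byte afterwards, so the caller can see whether it survived. */
static int neighbor_after(int checked, size_t n)
{
    unsigned char mem[REGION_SIZE] = {0};
    unsigned char input[REGION_SIZE];

    if (n > sizeof input)
        n = sizeof input;           /* keep the demo inside the region */
    memset(input, 'A', sizeof input);
    mem[NEIGHBOR_OFF] = NEIGHBOR_VAL;
    if (checked)
        (void)copy_checked(mem, input, n);
    else
        copy_unchecked(mem, input, n);
    return mem[NEIGHBOR_OFF];
}

int main(void)
{
    printf("unchecked, 101 bytes: neighbor = 0x%02X\n", neighbor_after(0, 101));
    printf("checked,   101 bytes: neighbor = 0x%02X\n", neighbor_after(1, 101));
    return 0;
}
```

With 100 bytes both copies leave the neighboring byte alone; with 101 bytes only the checked copy does, because it refuses the input.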