malloc and buffer overflow attacks
newshound2 at digitalmars.com
Fri Dec 31 00:13:56 UTC 2021
While D offers buffer overflow detection, it does not protect against buffer
overflows resulting from an array size calculation overflow:
T* p = cast(T*)malloc(len * T.sizeof);
What if `len*T.sizeof` overflows? malloc() will succeed, but the result will be
too small for the data.
I decided to grep dmd for such allocations:
and fix them with overflow checks. I recommend everyone check their own projects
and eliminate such vulnerabilities.
I post this as I've recently seen reports on malware injection being enabled by
presenting specially crafted input data to a program that causes an overflow on
the allocation, then overwrites the data beyond the truncated allocated memory.
More information about the Digitalmars-d