malloc and buffer overflow attacks

claptrap clap at trap.com
Fri Dec 31 08:46:59 UTC 2021


On Friday, 31 December 2021 at 00:13:56 UTC, Walter Bright wrote:
> While D offers buffer overflow detection, it does not protect 
> against buffer overflows resulting from an array size 
> calculation overflow:
>
>     T* p = cast(T*)malloc(len * T.sizeof);
>
> What if `len*T.sizeof` overflows? malloc() will succeed, but 
> the result will be too small for the data.
>
> I decided to grep dmd for such allocations:
>
> https://github.com/dlang/dmd/pull/13479/files
>
> and fix them with overflow checks. I recommend everyone check 
> their own projects and eliminate such vulnerabilities.
>
> I post this as I've recently seen reports on malware injection 
> being enabled by presenting specially crafted input data to a 
> program that causes an overflow on the allocation, then 
> overwrites the data beyond the truncated allocated memory.

are the asserts not taken out in release mode?
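As an added illustration of the size-calculation overflow Walter describes (my own example, not code from the thread or from dmd), the check below is written in C rather than D and uses a plain runtime test instead of an `assert`, so it is not compiled out in release builds; the helper names and the constructed length are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Return 1 if len * elem_size would wrap around size_t, 0 otherwise.
   A runtime branch, not an assert, so it survives release builds. */
int alloc_size_overflows(size_t len, size_t elem_size) {
    return elem_size != 0 && len > SIZE_MAX / elem_size;
}

/* The byte count an unchecked `len * T.sizeof` actually hands to malloc:
   it wraps modulo SIZE_MAX + 1, so a huge request becomes a tiny one. */
size_t unchecked_alloc_size(size_t len, size_t elem_size) {
    return len * elem_size;
}

/* Overflow-checked replacement for malloc(len * elem_size): returns NULL
   when the multiplication would wrap instead of a block that is too small. */
void *checked_array_malloc(size_t len, size_t elem_size) {
    if (alloc_size_overflows(len, elem_size))
        return NULL;
    return malloc(len * elem_size);
}

int main(void) {
    /* Constructed input: a length chosen so that len * 8 wraps to exactly 8.
       malloc(8) succeeds, but 8 bytes cannot hold 2^61+1 elements. */
    size_t elem_size = 8;
    size_t len = SIZE_MAX / elem_size + 2;
    size_t wrapped = unchecked_alloc_size(len, elem_size);
    void *safe = checked_array_malloc(len, elem_size);  /* NULL */
    void *ok = checked_array_malloc(16, elem_size);     /* real 128-byte block */
    free(ok);
    return (wrapped == 8 && safe == NULL) ? 0 : 1;
}
```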

