The so-called overflow in a broad sense is out of scope , Integer overflow , such as 8 Byte unsigned integers are 0 reach 255 0 - 1 It's underflow 255 + 1 It is overflow On the subject int f(int x) {
int a[10]; a[11] = x; }
This is stack overflow ,x It's written where it shouldn't be written . In a specific compilation mode , this x Will be covered f Original return address . That is, it should have returned to the call location f function , Back to x Where to point . Normally, the program crashes . But if x Was deliberately targeted at a piece of malicious code , This malicious code will be executed .
Heap overflow is relatively complex , Because the implementation of various environment heaps is not exactly the same . However, the program managed heap must have additional data to mark the various information of the heap . If the heap memory is assigned as above, the logical structure of the heap may be destroyed . And then modify the data that could not be accessed .
int f(char *s, int n) { char a[10]; memcpy(a, s, n); }
This is a more realistic example of stack overflow , If the incoming data length is greater than 10 It will cause overflow , And then change f Return address of . As long as malicious code is written to a specific address in advance , The code will be executed .
One case of heap overflow executing malicious code is to destroy the heap structure by too long data , Enables the next application to be able to obtain the location of some specific function pointers , Then modify it .
A common feature of stack overflow and heap overflow is that the third party can completely rely on providing specific data to achieve code level intrusion . If you play games, you may know PSP3000 The crack of , What we use is PSP systems display tiff A file overflow vulnerability .tiff The file contains an intrusion code , load tiff This code will also be loaded when the file is loaded , It's just that at this time, it's impossible for each to be executed . however tiff Some of the data in is very long , And the extra long part contains the location of the intrusion code . When the system reads this part of the data, the intrusion code will be executed .

©2019-2020 Toolsou All rights reserved,
Forbes China Auto rich list : He xiaopengdi 11 Li Xiangdi 14 Li Bindi 15 Change one's mind ! Tesla starts to deliver made in China to European market Model 3 The difference between memory overflow and memory leak , Causes and Solutions Character recognition technology of vehicle license plate based on Neural Network Vue Transfer parameters and receiving of page Jump SparkSQL Achieve partition overlay write 1190 Reverses the substring between each pair of parentheses leetcode Note 14 : The second biggest obstacle to motivating others in R & D management Chrome OS, For programmers and Windows What does it mean ? Internet Marketing JAVA Convert a string to a numeric type