Buffer Overflow (vs) Buffer OverRun (vs) Stack Overflow
Solution 1
Think of a buffer as just an array. People often use "overflow" and "overrun" interchangeably for any time you try to reference an index beyond the end of the array, and that's fine. Personally, I make a distinction:
A buffer overflow is when you try to put more items in the array than the array can hold. They flow out of the end of the buffer. In other words, it comes from writing.
A buffer overrun is when you are iterating over the buffer and keep reading past the end of the array. Your iterator is running through the buffer and keeps going. In other words, it comes from reading.
A stack overflow is much different. Most modern programming environments are stack-based, where they use a stack data structure to control program flow. Every time you call a function, a new item is placed on the program's call stack. When the function returns, the item is popped from the stack. When the stack is empty, the program stops. The thing is, this stack has a limited size. It is possible to call too many functions at one time and fill up the stack. At this point you have a stack overflow. The most common way to do this is when a function calls itself (recursion).
Solution 2
Bufferoverflow / Bufferoverrun:
void k()
{
BYTE buf[5];
for( int i = 0; i < 10; ++i )
buf[i] = 0xcd;
}
Stackoverflow :
void f()
{
int k = 0;
f();
}
Solution 3
You can have difference between buffer overflow and buffer overrun in C/C++:
- We could define overflow when you index/point beyond the original buffer size (e.g read the 6th element of a 3 element array)
- We could define overrun, when you have multiple adjacent buffers after each other, and you index into the second (e.g read the 6th element of the first 3-element array but you get the 3rd element of the second 3-element array).
Stack overflow is kinda buffer overflow when you fill your entire stack 'memory buffer'.
Comments
-
Prasad almost 2 years
Possible Duplicate:
What is the difference between a stack overflow and buffer overflow ?What is the difference between Buffer Overflow and Buffer Overrun?
What is the difference between Buffer Overrun and Stack Overflow?
Please include code examples. I have looked at the terms in Wikipedia, but I am unable to match with programming in C or C++ or Java.
-
Prasad almost 15 yearsi found code for buffer run .. What it is really doing ?
-
Paul over 3 years"A buffer overrun [...] comes from reading" - source?
-
underthevoid over 3 yearsWould like to check that source for the same quote as @Paul
-
Joel Coehoorn over 3 years@underthevoid This is very old, but go back and read my second and third sentences very carefully.
-
underthevoid over 3 yearsYou mean by it's being a subjective personal distinction of yours?
-
Joel Coehoorn over 3 years@underthevoid Yes, but one people seem to agree with.
-
Joel Coehoorn over 3 yearsDrawing my attention back here today, I did opt to also make a few small edits, one of which emphasizes the "personal" nature a bit.