Buffer Overflow (vs) Buffer OverRun (vs) Stack Overflow

Solution 1

Think of a buffer as just an array. People often use "overflow" and "overrun" interchangeably for any time you try to reference an index beyond the end of the array, and that's fine. Personally, I make a distinction:

A buffer overflow is when you try to put more items in the array than the array can hold. They flow out of the end of the buffer. In other words, it comes from writing.

A buffer overrun is when you are iterating over the buffer and keep reading past the end of the array. Your iterator is running through the buffer and keeps going. In other words, it comes from reading.

A stack overflow is much different. Most modern programming environments are stack-based, where they use a stack data structure to control program flow. Every time you call a function, a new item is placed on the program's call stack. When the function returns, the item is popped from the stack. When the stack is empty, the program stops. The thing is, this stack has a limited size. It is possible to call too many functions at one time and fill up the stack. At this point you have a stack overflow. The most common way to do this is when a function calls itself (recursion).

Solution 2

Bufferoverflow / Bufferoverrun:

void k()
{
    BYTE buf[5];
    for( int i = 0; i < 10; ++i )
        buf[i] = 0xcd;
}

Stackoverflow :

void f()
{
     int k = 0;
     f();
}

Solution 3

You can have difference between buffer overflow and buffer overrun in C/C++:

• We could define overflow when you index/point beyond the original buffer size (e.g read the 6th element of a 3 element array)
• We could define overrun, when you have multiple adjacent buffers after each other, and you index into the second (e.g read the 6th element of the first 3-element array but you get the 3rd element of the second 3-element array).

Stack overflow is kinda buffer overflow when you fill your entire stack 'memory buffer'.

Author by

Prasad

I am back

Updated on July 15, 2022