Re: Buffer Overflow
From: Absolute Newbie (absnewbie@hotmail.com)
Date: 04/06/03
From: absnewbie@hotmail.com (Absolute Newbie) Date: 5 Apr 2003 17:20:47 -0800
Juha Laiho <Juha.Laiho@iki.fi> wrote:
-------------------------------------
> I've been bitten by this - and there is a need to zero the buffer you get
> from malloc(): while the OS memory allocation routines will clear (to
> some value; I think the actual value hasn't been specified) the memory
> areas they're giving to your process, malloc() may also return memory
> that was already used by your process, but free()'d (but still not yet
> returned to the OS). And in this case the contents will not be scrubbed;
> the memory will contain whatever it did contain when your program freed
> the area.

A simple way to avoid unpredicted results is to always use calloc()
instead of malloc(). calloc() will zero out the buffer upon
allocation:

    char *buffer = calloc(1024, 1);

instead of:

    char *buffer = malloc(1024);
    memset(buffer, 0, 1024); /* you could forget this one :) */

regards,
absnewbie
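
The behaviour discussed in this message, as an added example that is not part of the original post: the function below dirties a heap block, frees it, requests the same size again, and counts the non-zero bytes in what comes back. reuse_probe and the 'S' filler are made up for this illustration; the malloc() result depends on the allocator, while calloc() must return zeroed memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example (hypothetical helper): returns the number of non-zero bytes
 * found in a block obtained right after a dirtied block of the same size
 * was freed, or SIZE_MAX if an allocation failed. */
size_t reuse_probe(size_t n, int use_calloc)
{
    /* volatile so the compiler cannot drop the writes that precede free() */
    volatile unsigned char *old = malloc(n);
    if (old == NULL)
        return SIZE_MAX;
    for (size_t i = 0; i < n; i++)
        old[i] = 'S';               /* constructed stand-in for sensitive data */
    free((void *)old);              /* free() does not scrub the contents */

    /* Same-size request: many allocators hand the freed block straight back. */
    const volatile unsigned char *fresh = use_calloc ? calloc(n, 1) : malloc(n);
    if (fresh == NULL)
        return SIZE_MAX;

    size_t nonzero = 0;
    for (size_t i = 0; i < n; i++)
        nonzero += (fresh[i] != 0); /* volatile read: look at what is really there */
    free((void *)fresh);
    return nonzero;
}

int main(void)
{
    /* The malloc() figure varies by allocator; the calloc() figure is always 0. */
    printf("malloc after free: %zu of 1024 bytes non-zero\n", reuse_probe(1024, 0));
    printf("calloc after free: %zu of 1024 bytes non-zero\n", reuse_probe(1024, 1));
    return 0;
}
```

Some allocators overwrite the first few bytes of a freed block with their own bookkeeping, so the malloc() count is often slightly below the block size rather than exactly equal to it.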