John Goche
A lot of C++ code allocates a buffer and initializes
start and end pointers as follows:
+-------------------------------+
|                               |
+-------------------------------+
^                               ^
|                               |
pStart                          pEnd
setting pEnd = pStart + bufLen
But what if the buffer is allocated at the very end of memory
and just fits? Then pEnd == MEM_MAX + 1 == 0, and so
library users could tamper with code by creating a buffer
of suitable size. Can this happen in practice?
JG
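An added example (not from the post): the safe way to handle a start/end pointer pair is to never rely on detecting wrap-around after the fact. Forming a pointer past pEnd is undefined behaviour in C++, so a check like `p + n < p` can be optimised away; comparing the remaining room as a size avoids forming such a pointer at all. The names `Span`, `in_bounds_naive`, `in_bounds` and the 16-byte sample buffer are assumptions of this example.

```cpp
#include <cstddef>

// Constructed example: a buffer described by start/end pointers,
// with pEnd = pStart + bufLen exactly as in the question.
struct Span {
    const unsigned char* pStart;
    const unsigned char* pEnd;  // one past the last byte
};

// Naive approach: form p + n first, then look for wrap-around.
// If p + n would leave the buffer, the addition itself is undefined
// behaviour, so the compiler may treat (q < p) as impossible and drop it.
inline bool in_bounds_naive(const Span& s, const unsigned char* p, std::size_t n) {
    const unsigned char* q = p + n;  // UB when it passes pEnd
    return p >= s.pStart && q >= p && q <= s.pEnd;
}

// Safer approach: pEnd - p is well defined for any p inside the object
// (including p == pEnd), so compare sizes and never form a pointer past pEnd.
// No wrap-around test is needed, whatever address pEnd happens to have.
inline bool in_bounds(const Span& s, const unsigned char* p, std::size_t n) {
    if (p < s.pStart || p > s.pEnd) return false;
    const std::size_t room = static_cast<std::size_t>(s.pEnd - p);
    return n <= room;
}

// Constructed 16-byte sample buffer for demonstration.
static unsigned char g_buf[16];
static const Span g_span{g_buf, g_buf + sizeof g_buf};

// Probes a reader can evaluate by hand.
inline bool probe_fits_exactly() { return in_bounds(g_span, g_buf, 16); }        // true
inline bool probe_one_too_many() { return in_bounds(g_span, g_buf, 17); }        // false
inline bool probe_at_end_zero()  { return in_bounds(g_span, g_buf + 16, 0); }    // true
inline bool probe_huge_n()       { return in_bounds(g_span, g_buf + 8, static_cast<std::size_t>(-1)); } // false
```

In practice, mainstream implementations also keep the top of the address space unmapped so that a one-past-the-end pointer of a user-mode object is always representable; the size comparison above is correct regardless of that.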