Presentation is loading. Please wait.

Presentation is loading. Please wait.

Software and Software Vulnerabilities. Synopsis Array overflows Stack overflows String problems Pointer clobbering. Dynamic memory management Integer.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Software and Software Vulnerabilities. Synopsis Array overflows Stack overflows String problems Pointer clobbering. Dynamic memory management Integer."— Presentation transcript:

1 Software and Software Vulnerabilities

2 Synopsis Array overflows Stack overflows String problems Pointer clobbering. Dynamic memory management Integer arithmetic problems Formatted Output Output File I/O Others (the cwe.mitre.org taxonomy)

3 Arrays Array are data groupings; they are numbered sequentially. The programmer refers to them through a number (constant) or a variable (datum). The trouble is, sometimes the data doesn't have the value you expect..

4 Array overflows If you are referencing an array, are outside the array, and are modifying the array, you are really modifying something else: among the possibilities are:  Other data,  Instructions,  pointers

5 Stack overflows A stack is a special kind of array in that it is implemented in an array; the problem may be because you tro to store too much data in the stack.

6 Strings Strings are sequences of characters. They are either terminated by a special character (common) or their length is indicated somewhere (less common).

7 String problems String termination Off-by-one errors Buffer and input overflows Code injection Arc injection

8 Pointers

9 Pointer clobbering.

10 Dynamic memory management

11

12 Integer arithmetic problems

13

14 Formatted Output Output

15

16 File I/O

17

18 Others (the cwe.mitre.org taxonomy)

Download ppt "Software and Software Vulnerabilities. Synopsis Array overflows Stack overflows String problems Pointer clobbering. Dynamic memory management Integer."

Similar presentations

Introduction to C Programming

Introduction to C Programming
INSTRUCTION SET ARCHITECTURES

INSTRUCTION SET ARCHITECTURES
CSI 3120, Implementing subprograms, page 1 Implementing subprograms The environment in block-structured languages The structure of the activation stack.

CSI 3120, Implementing subprograms, page 1 Implementing subprograms The environment in block-structured languages The structure of the activation stack.
Strings.

Strings.
What is a pointer? First of all, it is a variable, just like other variables you studied So it has type, storage etc. Difference: it can only store the.

What is a pointer? First of all, it is a variable, just like other variables you studied So it has type, storage etc. Difference: it can only store the.
Nirmalya Roy School of Electrical Engineering and Computer Science Washington State University Cpt S 122 – Data Structures Characters and Strings.

Nirmalya Roy School of Electrical Engineering and Computer Science Washington State University Cpt S 122 – Data Structures Characters and Strings.
Programming Languages Marjan Sirjani 2 2. Language Design Issues Design to Run efficiently : early languages Easy to write correctly : new languages.

Programming Languages Marjan Sirjani 2 2. Language Design Issues Design to Run efficiently : early languages Easy to write correctly : new languages.
Chapter Four Data Types Pratt 2 Data Objects A run-time grouping of one or more pieces of data in a virtual machine a container for data it can be –system.

Chapter Four Data Types Pratt 2 Data Objects A run-time grouping of one or more pieces of data in a virtual machine a container for data it can be –system.
Inline Assembly Section 1: Recitation 7. In the early days of computing, most programs were written in assembly code. –Unmanageable because No type checking,

Inline Assembly Section 1: Recitation 7. In the early days of computing, most programs were written in assembly code. –Unmanageable because No type checking,
Chapter 11 C File Processing Acknowledgment The notes are adapted from those provided by Deitel & Associates, Inc. and Pearson Education Inc.

Chapter 11 C File Processing Acknowledgment The notes are adapted from those provided by Deitel & Associates, Inc. and Pearson Education Inc.
1 Homework Turn in HW2 at start of next class. Starting Chapter 2 K&R. Read ahead. HW3 is on line. –Due: class 9, but a lot to do! –You may want to get.

1 Homework Turn in HW2 at start of next class. Starting Chapter 2 K&R. Read ahead. HW3 is on line. –Due: class 9, but a lot to do! –You may want to get.
Pointers A pointer is a variable that contains memory address as its value. A variable directly contains a specific value. A pointer contains an address.

Pointers A pointer is a variable that contains memory address as its value. A variable directly contains a specific value. A pointer contains an address.
1 Computer System Overview OS-1 Course AA 2000-2001.

1 Computer System Overview OS-1 Course AA
State Machines Timing Computer Bus Computer Performance Instruction Set Architectures RISC / CISC Machines.

State Machines Timing Computer Bus Computer Performance Instruction Set Architectures RISC / CISC Machines.
Elementary Data Types Scalar Data Types Numerical Data Types Other

Elementary Data Types Scalar Data Types Numerical Data Types Other
C pointers (Reek, Ch. 6) 1CS 3090: Safety Critical Programming in C.

C pointers (Reek, Ch. 6) 1CS 3090: Safety Critical Programming in C.
Arrays and Pointers in C Alan L. Cox

Arrays and Pointers in C Alan L. Cox
Examining the Code [Reading assignment: Chapter 6, pp. 91-104]

Examining the Code [Reading assignment: Chapter 6, pp ]
Java Security Updated May 2007. Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security.

Java Security Updated May Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security.
University of Washington CSE 351 : The Hardware/Software Interface Section 5 Structs as parameters, buffer overflows, and lab 3.

University of Washington CSE 351 : The Hardware/Software Interface Section 5 Structs as parameters, buffer overflows, and lab 3.

Similar presentations

Ads by Google