Heap overflow

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Smaffy (talk | contribs) at 01:35, 1 May 2003 (argh.. i am dizzy!). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

A heap overflow is a buffer overflow that occurs in the heap data area. The heap is allocated by the application at run time and is mostly supposed to contain dynamic data.

Heap overflows are sometimes used by crackers to exploit badly written software. The technique is quite simple: if an application copies data without first checking whether it fits into the target destination, the cracker can supply the application with an overly large piece of data and thereby overwrite variables near the destination.

start:
   string_A = get_input_from_user()
   view_file(string_B)
   return_to_system()
data:
   string_A = a 20 letter long array
   string_B = "some-textfile",0

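An extremely badly written and vulnerable program! Because string_B is stored directly after string_A, any input beyond the 20th letter overwrites the file name. All the cracker has to do is type 20 random letters followed by the name of the file she wishes to read. The file that contains the passwords, perhaps?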
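
The pseudocode above, written out in C beside a corrected copy routine. This is an added example, not part of the original article. The struct layout, the size of string_B, the function names and the input "other-file" are assumptions made for the illustration, and the two strings share one heap block so that the demonstration stays well-defined.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define A_SIZE 20 /* string_A: 20-byte array, as in the pseudocode */
#define B_SIZE 20 /* string_B: size is an assumption of this example */
/* One heap block with string_A directly followed by string_B. */
struct record { char string_a[A_SIZE]; char string_b[B_SIZE]; };

static struct record *new_record(void) {
    struct record *r = calloc(1, sizeof *r);
    if (r) strcpy(r->string_b, "some-textfile");
    return r;
}

/* Flawed copy: length taken from the input (clamped to the block for the demo). */
static void store_unchecked(struct record *r, const char *input) {
    size_t n = strlen(input) + 1;
    if (n > sizeof *r) n = sizeof *r;
    memcpy((char *)r, input, n);
    r->string_b[B_SIZE - 1] = '\0';
}

/* Corrected copy: refuse anything that does not fit in string_A. */
static int store_checked(struct record *r, const char *input) {
    size_t n = strlen(input) + 1;
    if (n > sizeof r->string_a) return -1;
    memcpy(r->string_a, input, n);
    return 0;
}

/* 1 if string_B still names the file the program meant to open. */
static int target_intact(const struct record *r) {
    return strcmp(r->string_b, "some-textfile") == 0;
}

int main(void) {
    char input[64]; /* constructed input: 20 filler bytes + another name */
    memset(input, 'A', A_SIZE);
    strcpy(input + A_SIZE, "other-file");
    struct record *u = new_record(), *c = new_record();
    if (!u || !c) return 1;
    store_unchecked(u, input);
    int rc = store_checked(c, input);
    printf("unchecked: string_B=\"%s\"\n", u->string_b);
    printf("checked: rc=%d intact=%d\n", rc, target_intact(c));
    free(u); free(c);
    return 0;
}
```

The length check in store_checked is the whole fix: the copy is bounded by the destination's size, so an oversized input is rejected and string_B is never touched.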