Return to Video

Buffer Overflows - Software Debugging

  • 0:00 - 0:05
    Needless to say, this behavior of C and C++ programs opens the door
  • 0:05 - 0:08
    for many many ways of abusing the system.
  • 0:08 - 0:15
    You may have heard buffer overflows, which exploit precisely this flaw in C and C++
  • 0:15 - 0:20
    where people not only read but write beyond the elements of an array
  • 0:20 - 0:25
    in order to supplant malicious code and select locations of the memory.
  • 0:25 - 0:29
    This opens the door for all sorts of interesting hacks, of course.
  • 0:29 - 0:31
    How can one detect such errors?
  • 0:31 - 0:34
    What we need is a system invariant that continuously
  • 0:34 - 0:38
    checks the boundaries of an array against reads and writes.
  • 0:38 - 0:45
    What a tool can do for instance is constantly monitor the uninitialized areas
  • 0:45 - 0:49
    for reads and writes with every single instructions that is,
  • 0:49 - 0:55
    and whenever the program tries to access some system memory that is not allocated,
  • 0:55 - 1:01
    what will happen is that the invariant checker raises an exception or otherwise aborts the program
  • 1:01 - 1:05
    and therefore allows us to detect this kind of error.
  • 1:05 - 1:10
    Tools for C and C++ help you do that, include tools like electric fence,
  • 1:10 - 1:17
    which is precisely that, places these blocks in front and before every allocated block
  • 1:17 - 1:22
    and therefore detects when reads and writes happened outside of these allocated areas.
  • 1:22 - 1:28
    And the second important tool here is Valgrind, which actually is an interpreter for x86 binaries
  • 1:28 - 1:32
    in which also allows us to monitor accesses to non-initialized code for C and C++ programs.
タイトル:
Buffer Overflows - Software Debugging
Video Language:
English
Team:
Udacity
プロジェクト:
CS259 - Software Debugging
Duration:
01:37

English subtitles

改訂 Compare revisions