Heap overflow
From Wikipedia, the free encyclopedia
A heap overflow is a type of buffer overflow that occurs in the heap data area.
Causes
Like all buffer overflows, a heap overflow may be introduced accidentally by an application programmer, or it may result from a deliberate exploit. In either case, the overflow occurs when an application copies more data into a buffer than the buffer was designed to contain.
A routine is vulnerable to exploitation if it copies data to a buffer without first verifying that the source will fit into the destination.
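The rule in the previous sentence, shown as an added C example (constructed for this article, not taken from any cited project): a record whose name lives in a fixed-capacity heap buffer, with the unchecked copy that creates a heap overflow next to a bounds-checked copy that refuses input that does not fit. The `record` type and the function names are assumed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example: a record whose name lives in its own fixed-capacity heap buffer. */
struct record {
    size_t capacity;   /* bytes available in name, including the NUL terminator */
    char *name;        /* heap buffer of exactly `capacity` bytes */
};

struct record *record_new(size_t capacity) {
    struct record *r = malloc(sizeof *r);
    if (r == NULL) return NULL;
    r->name = malloc(capacity);
    if (r->name == NULL) { free(r); return NULL; }
    r->capacity = capacity;
    r->name[0] = '\0';
    return r;
}

/* VULNERABLE: copies src without checking that it fits in r->name.
 * A src longer than capacity - 1 writes past the end of the heap buffer,
 * corrupting whatever the allocator placed after it (data or metadata). */
void record_set_name_unchecked(struct record *r, const char *src) {
    strcpy(r->name, src);
}

/* HARDENED: measure first and refuse anything that does not fit.
 * Returns 0 on success, -1 (buffer left untouched) when src plus its
 * terminator would exceed capacity. */
int record_set_name_checked(struct record *r, const char *src) {
    size_t len = strlen(src);
    if (len >= r->capacity)        /* need len + 1 bytes including the NUL */
        return -1;
    memcpy(r->name, src, len + 1);
    return 0;
}

int main(void) {
    struct record *r = record_new(8);          /* room for 7 chars + NUL */
    if (r == NULL) return 1;
    printf("alice: %s\n", record_set_name_checked(r, "alice") ? "rejected" : "ok");
    printf("bartholomew: %s\n", record_set_name_checked(r, "bartholomew") ? "rejected" : "ok");
    free(r->name);
    free(r);
    return 0;
}
```

The checked setter is the one to call on untrusted input; the unchecked one is kept only to show the defect the article describes.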
Consequences
An accidental overflow may result in data corruption or unexpected behavior by any process which uses the affected memory area. On operating systems without memory protection, this could be any process on the system.
A deliberate exploit may result in data at a specific location being altered in an arbitrary way, or in arbitrary code being executed.
The Microsoft JPEG GDI+ vulnerability MS04-028 is an example of the danger a heap overflow can represent to a computer user.
Detection and prevention
Recent releases of GNU libc (which incorporate the Doug Lea allocator) can detect heap overflows after the fact. The DieHard allocator prevents library-based heap overflows and reduces the likelihood of heap overflows having any effect on a running program. DieHard also makes it impossible to overwrite heap metadata by storing it separately from the heap.
Certain versions of Microsoft Windows can mitigate these threats through Data Execution Prevention (DEP) and address space layout randomization (ASLR).
External links
- "w00w00 on Heap Overflows", a more detailed explanation of heap overflows
- http://doc.bughunter.net/buffer-overflow/heap-corruption.html
- Heap Overflow article at Heise Security