[SystemSafety] C++ and Pointers

Derek M Jones derek at knosof.co.uk
Thu Jun 6 18:18:08 CEST 2019


Peter,

> - the subset of bugs that are a) security vulnerabilities, b) exploited
> in attacks.

Certainly, faults that can be exploited in an attack are a small subset
of all faults.

> My impression is that quite a lot of attacks exploit buffer overflow
> vulnerabilities.

To be effective, an attack has to access memory outside of that
which is 'intended' to be accessed.  So many attacks involve out of
bounds accesses.  The actual fault may be far removed from the
out of bounds access, but it just so happens that it can be used to change
the value of a variable that is later used to access storage.

What is the distribution of the 'distance' (measured in, say,
instructions), between the fault code and the attack access?
I cannot think of any research looking at this.  Pointers
welcome.

-- 
Derek M. Jones           Software analysis
tel: +44 (0)1252 520667  blog:shape-of-code.coding-guidelines.com
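
An added illustration of the point made in the message above, not part of the original post: the fault (a wrong mask constant) sits in one function, while the out-of-bounds write happens later in another, shown beside a version that re-validates at the point of use. All names, the struct layout and the input values are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

enum { TABLE_SLOTS = 8, ARENA_SIZE = 16 };

/* One arena keeps the stray write inside the struct (no undefined
   behaviour): bytes 0..7 are the table, bytes 8..15 are unrelated state. */
struct session {
    uint8_t arena[ARENA_SIZE];
    size_t  slot;   /* computed at the fault site, consumed much later */
};

/* FAULT SITE: the mask should be TABLE_SLOTS - 1 (0x07), not 0x0F. */
static void parse_request(struct session *s, uint8_t selector)
{
    s->slot = selector & 0x0F;
}

/* ACCESS SITE, original form: trusts the slot computed earlier. */
static void store_unchecked(struct session *s, uint8_t value)
{
    s->arena[s->slot] = value;
}

/* ACCESS SITE, hardened form: checks the bound where the access happens. */
static int store_checked(struct session *s, uint8_t value)
{
    if (s->slot >= TABLE_SLOTS)
        return -1;          /* refuse to write outside the table */
    s->arena[s->slot] = value;
    return 0;
}

/* Runs fault site then access site and returns arena[10], a byte that
   belongs to the unrelated state and should never change. */
static uint8_t neighbour_after(int hardened, uint8_t selector)
{
    struct session s = { {0}, 0 };
    parse_request(&s, selector);
    /* ... in a real program, arbitrary unrelated work happens here ... */
    if (hardened)
        (void)store_checked(&s, 0xAA);
    else
        store_unchecked(&s, 0xAA);
    return s.arena[10];
}
```

The bounds check in `store_checked` contains the damage without the fault in `parse_request` having been found, which is why the location of the fault and the location of the bad access can be treated as separate questions.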

