and, in theory, you can never guarantee that a c program won't overflow its stack, and i've had this happen in practice on arduino, where it collided with the heap. occasionally you have behavior that varies by implementations, but there's no nasal demons, and in particular you can add two unknown integers without even hitting implementation-defined behavior. In this case, though, they're linking with sqlite, so all that is out the windowĪs far as i know, though it's a lot simpler than asmbb, httpdito doesn't have any security holes: Īs 10000truths points out in, in assembly you don't have to deal with undefined behavior, and that helps a lot. on the other hand, if you're bringing in megabytes of libc code full of string handling, there's lots of potential for bugs if all your strings are managed with your custom library for dynamically allocated strings, you probably aren't going to have any string buffer overflows because there are only like three places where you could get it wrong. I agree that assembly is more bug-prone than other languages, but things like internal design and dependencies make a bigger difference.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |