Possible Duplicate:
Does Java have buffer overflows?
Can Java be exposed to buffer overflow vulnerabilities? Normally, people would use String objects that are dynamically resized. I am talking about the scenario where character arrays are used.
Asked
Active
Viewed 943 times
0
Community
- 1
- 1
Lelouch Lamperouge
- 8,171
- 8
- 49
- 60
-
Are you asking if Java raises an exception when you index beyond the end of a "character array"? The answer is "yes, there's an exception". Which means "no, there's no vulnerability". Is that what you're asking? – S.Lott Dec 16 '11 at 03:39
-
@S.Lott You are describing an index out of bounds error: as you said using an "index beyond the end of" an array (or anywhere outside the bounds of the array). A buffer overflow is writing more information into a buffer than a buffer can hold: e.g., writing 10 chars into a 5 char array. – Jay Lindquist Dec 16 '11 at 03:50
-
@JayLindquist: How do you write 10 characters into a 5 char array? One character at a time. Each position is indexed. Each access can raise an index error. Since this is how Java works, I'm not sure what the question is. How to bypass index bounds checking? How to disable it? – S.Lott Dec 16 '11 at 11:49
-
@S.Lott because it is nearly impossible to buffer overflow in Java, you are correct that any attempt like you described above will result in an index exception, but an index exception is not the same as a buffer overflow. In C it is easy to create a 5 char array and memcpy 10 chars into it as there is no index exception. – Jay Lindquist Dec 17 '11 at 17:14
-
@JayLindquist: What? If you can't buffer overflow in Java, then can you explain what this question means. It's not about C. It's about Java. – S.Lott Dec 17 '11 at 23:17
2 Answers
2
No
You cannot overrun buffers in Java. Array accesses are checked in the JVM.
kevin cline
- 2,608
- 2
- 25
- 38
2
You can't actually overflow the buffer, but trying to can trigger exceptions, and poorly written exception handlers can induce arbitrary unexpected behavior.
ddyer
- 1,792
- 19
- 26