Revision as of 09:53, 29 November 2019 edit Kiwi128 (talk \| contribs) Autopatrolled, Extended confirmed users 17,480 edits m Reverted 3 edits by 114.124.236.209 (talk) to last revision by Kiwi128 (TW) Tag: Undo ← Previous edit		Revision as of 09:59, 29 November 2019 edit undo 114.124.236.209 (talk) No edit summary Tags: references removed Visual edit Mobile edit Mobile web edit Next edit →
Line 42: ==Bounds checking== Bounds checking is a compiler-based technique that adds run-time bounds information for each allocated block of memory, and checks all pointers against those at run-time. For C and C++, bounds checking can be performed at pointer calculation time or at dereference time. ~~{{Main\|Bounds checking}}~~ Implementations of this approach use either a central repository, which describes each allocated block of memory,~~<ref name="joneskelly"/><ref name="safecodesva"/><ref name="asan"/>~~ or ~~[[fat pointer]]s~~,~~<ref name="failsafec"/>~~ which contain both the pointer and additional data, describing the region that they point to.▼ Bounds checking is a compiler-based technique that adds run-time bounds information for each allocated block of memory, and checks all pointers against those at run-time. For C and C++, bounds checking can be performed at pointer calculation time<ref name="joneskelly">{{cite web\|url=http://www.doc.ic.ac.uk/~phjk/BoundsChecking.html \|title=Bounds Checking for C \|publisher=Doc.ic.ac.uk \|date= \|accessdate=2014-04-27}}</ref> or at dereference time.<ref name="safecodesva">{{cite web\|url=http://sva.cs.illinois.edu/sva.html \|title=SAFECode: Secure Virtual Architecture \|publisher=Sva.cs.illinois.edu \|date=2009-08-12 \|accessdate=2014-04-27}}</ref><ref name="asan">{{cite web\|url=https://code.google.com/p/address-sanitizer/\|title=google/sanitizers}}</ref><ref name="failsafec">{{cite web\|url=http://staff.aist.go.jp/y.oiwa/FailSafeC/index-en.html \|title=Fail-Safe C: Top Page \|publisher=Staff.aist.go.jp \|date=2013-05-07 \|accessdate=2014-04-27}}</ref> ▲Implementations of this approach use either a central repository, which describes each allocated block of memory,<ref name="joneskelly"/><ref name="safecodesva"/><ref name="asan"/> or [[fat pointer]]s,<ref name="failsafec"/> which contain both the pointer and additional data, describing the region that they point to. ==Tagging== Line 75 ⟶ 73: ===Clang/[[LLVM]]=== Clang supports three buffer overflow detectors, namely [[AddressSanitizer]] (-fsanitize=address),<ref name="asan">{{cite web\|url=https://code.google.com/p/address-sanitizer/\|title=google/sanitizers}}</ref> -fsanitize=bounds,<ref>{{cite web\|url=http://clang.llvm.org/docs/UsersManual.html \|title=Clang Compiler User's Manual — Clang 3.5 documentation \|publisher=Clang.llvm.org \|date= \|accessdate=2014-04-27}}</ref> and SafeCode.<ref>{{cite web\|url=http://safecode.cs.illinois.edu/ \|title=SAFECode \|publisher=Safecode.cs.illinois.edu \|date= \|accessdate=2014-04-27}}</ref> Line 84 ⟶ 82: === {{Anchor\|FSC}}Fail-Safe C === ''Fail-Safe C''<ref name="failsafec">{{cite web\|url=http://staff.aist.go.jp/y.oiwa/FailSafeC/index-en.html\|title=Fail-Safe C: Top Page\|date=2013-05-07\|publisher=Staff.aist.go.jp\|accessdate=2014-04-27}}</ref> is an open-source memory-safe ANSI C compiler that performs bounds checking based on fat pointers and object-oriented memory access.<ref>{{cite web\|url=http://staff.aist.go.jp/y.oiwa/publications/2005-PhDthesis.pdf \|title=thesis.dvi \|website=Staff.aist.go.jp \|date= \|accessdate=2016-09-17}}</ref> ===StackGhost (hardware-based)===

Buffer overflow protection: Difference between revisions