|
| |
| | [No title] |
 | | Check implementation on installation, or limit the size of all string inputs. |
|
http://dev.gentoo.org/~tigger/audit/sendmail_8_13_1_tar_gz_flawfinder
(15855 words)
|
|
| |
| | Bounds Checking for C |
| | Bounds checking is easy for arrays because the array subscript syntax specifies both the address calculation and the array within which the resulting pointer should point. | | | Some efficiency problems remain, but bounds checking need not be used in all of the files which make up a program, so trusted, performance-critical code can run at full speed. | | | We can check whether a pointer arithmetic expression is valid by finding its base pointer's storage region, then checking that the expression's result points into the same storage region. |
|
http://www-ala.doc.ic.ac.uk/~phjk/BoundsChecking.html
(937 words)
|
|
| |
| | Program-semantics Aware Intrusion Detection |
| | Recognizing the similarity between segment bounds checking and array bounds checking, Cash allocates a separate segment to each array, and generates the array reference instructions in such a way that X86 architecture’s segment bounds checking hardware effectively performs the required array bounds checking for free. | | | Cash (Checking Array bounds using Segmentation Hardware) is a GCC extension that uses the segmentation hardware of Intel’s X86 architecture to automatically check the bounds when an array is accessed. | | | The minimum number of instruction required to check a reference in a C-like application against its lower and upper bounds is 6, two to load the bounds, tow comparisons, and two conditional branches. |
|
http://www.ecsl.cs.sunysb.edu/cash
(585 words)
|
|
| |
| | Local Use of Compiler Features |
| | Bounds checking behavior differs with the optimization level. | | | Bounds checking is needed when very large values are used to calculate addresses for memory references. | | | If bounds checking detects an out-of-bounds array reference, a message is issued for only the first out-of-bounds array reference in the loop. |
|
http://docs.cray.com/books/S-3901-51/html-S-3901-51/zfixed4ftzi5op.html
(566 words)
|
|
| |
| | Network Theory Ltd - Memory bounds-checking for GCC |
| | The initial bounds checking patch for gcc was developed by Richard Jones and Paul Kelly of the Department of Computer Science, Imperial College (London) in 1995. | | | The bounds checking extension to GCC provides a way of detecting invalid memory accesses, by producing additional checking instructions for each read or write in the executable file. | | | The commonest and most dangerous error in C programming is reading or writing to incorrect memory locations using pointers. |
|
http://www.network-theory.co.uk/articles/boundschecking.html
(727 words)
|
|
| |
| | Untitled |
| | Bounds checking GCC can't currently check this, but it may well be added in a future version. | | | Debugging with GDB: You may debug bounds checked programs with GDB and there are special breakpoints for this purpose. | | | This dead area between objects helps the checking library to detect the difference between a pointer to the last byte + 1 of one object and a pointer to the first byte of the next object. |
|
http://www.lrde.epita.fr/~akim/compil/doc/bounds-checking.html
(2419 words)
|
|
| |
| | Bounds checking - Wikipedia, the free encyclopedia |
| | In computer programming, bounds checking is the name given to any method of detecting whether or not an index given lies within the limits of an array. | | | This has, however, been a source of innumerable errors, especially off-by-one errors. | | | The D programming language has run time bounds checking that is enabled or disabled with a compiler switch. |
|
http://en.wikipedia.org/wiki/Bounds_checking
(386 words)
|
|
| |
| | David Hayden : for and foreach loops - Compiler Optimizations Regarding Bounds Checking |
| | He briefly mentioned some of the optimizations done by the compiler regarding for loops and bounds checking in Arrays. | | | Thus, if you decide to change the type of collection from an Array to an ArrayList, you don't have to change Length to Count as you would in all your for loops. | | | David Hayden : for and foreach loops - Compiler Optimizations Regarding Bounds Checking |
|
http://codebetter.com/blogs/david.hayden/archive/2005/02/27/56104.aspx
(587 words)
|
|
| |
| | LWN: aspell: bounds checking problem |
| | Aspell's word-list-compress utility fails to properly check bounds when dealing with words that are more than 256 bytes long. | | | This can lead to arbitrary code execution by an attacker. |
|
http://lwn.net/Articles/90073
(46 words)
|
|
| |
| | Digital Mars - D - array bounds checking question. |
| | global switch to force bounds checking to aid debuging so you dont have to | | | > global switch to force bounds checking to aid debuging so you dont have to | | | > > global switch to force bounds checking to aid debuging so you dont have |
|
http://www.digitalmars.com/d/archives/8343.html
(898 words)
|
|
| |
| | Trustix: tcpdump incorrect bounds checking vulnerability - The Community's Center for Security |
| | Check out our mailing lists: http://www.trustix.net/support/ Verification: This advisory along with all TSL packages are signed with the TSL sign key. | | | Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. | | | -------------------------------------------------------------------------- Trustix Secure Linux Security Advisory #2002-0084 Package name: tcpdump Summary: Incorrect bounds checking Date: 2002-12-19 Affected versions: TSL 1.1, 1.2, 1.5 -------------------------------------------------------------------------- Package description: Tcpdump is a command-line tool for monitoring network traffic. |
|
http://www.linuxsecurity.com/content/view/104437/109
(501 words)
|
|
| |
| | SecurityTracker.com Archives - Linux Kernel mremap() Improper Bounds Checking Lets Local Users Gain Root Privileges |
| | An incorrect bound check discovered inside the do_mremap() kernel code performing remapping of a virtual memory area may lead to creation of a virtual memory area of 0 bytes length. | | | A local user can reportedly cause the kernel to remap memory and create a virtual memory area that is 0 bytes in length. | | | The problem bases on the general mremap flaw that remapping of 2 pages from inside a VMA creates a memory hole of only one page in length but an additional VMA of two pages. |
|
http://www.securitytracker.com/alerts/2004/Jan/1008593.html
(1389 words)
|
|
| |
| | Array bounds checking (Henry Spencer) |
| | The remaining 1% might require a way to tell the compiler "believe me, it's right", but otherwise the need for a run-time check could be made a fatal compile-time error. | | | Nor is the technology new to > hardware, since the Burroughs B5500-series and MCP (written in Algol) has > also been checking for a similar period. | | | Clearly, it is not realistic to expect a compiler to eliminate all run-time checks from arbitrarily complex programs. |
|
http://yarchive.net/comp/array_bounds_check.html
(539 words)
|
|
| |
| | Kernel Code Bounds Checking Compiler |
| | It is vital to ensure that kernel and OS code is bug free because, today, malicious hackers are specifically looking for bugs and other OS vulnerabilities to exploit in order to gain unauthorized access to computer systems. | | | In this project we explore techniques to add bounds-checking and other memory pointer checking for kernel code. | | | CSR--AES: Runtime Monitoring and Model Checking for High-Confidence System Software |
|
http://www.am-utils.org/project-kbcc.html
(234 words)
|
|
| |
| | Digital Mars - D - array bounds checking |
| | Clearly then if you believe that bounded arrays are a language requirement, | | | implemented in hardware so that bounding tests can be performed in parallel | | | Yes, the first time I started using a range-checked array |
|
http://www.digitalmars.com/d/archives/2781.html
(5259 words)
|
|
| |
| | dBforums - Interesting change in "bounds checking" |
| | I used a four-dimensional table for my minimal test. | | | IBM, and subsequently Intel and Microsoft, proved that fact, beyond debate. | | | As a follow-up on another thread, I thought that I would point out what may |
|
http://www.dbforums.com/t704190.html
(3218 words)
|
|
| |
| | Bounds Checking |
| | Both input and output should be checked for validity | | | Determining acceptable bounds requires an examination of distortion effects and, in some cases, computational accuracy | | | For many coordinate frameworks, the mathematical formulation may exist everywhere even though the results may be nonsensical for some regions |
|
http://www.sedris.org/stc/2001/tu/srm/sld144.htm
(62 words)
|
|
| |
| | Bounds Checking with Electric Fence |
| | The result is that, as soon as a program attempts to write to any location in memory which it hasn't specifically asked for, it will segfault. | | | routines with ones that do a lot more checking and protection of memory. |
|
http://ieee.uow.edu.au/~mjp16/prog/efence
(402 words)
|
|
| |
| | gcc bounds checking, valgrind, purify |
| | Valgrind works dynamically with an x86 code rewriter that appears to be language independent and seems to implement a lot of the difficult functionality that the original Purify implemented. | | | Checking out those links, it appears that these patches are very much like a static version of Valgrind. | | | Would it be reasonable integrate this patch into the cygwin GCC? |
|
http://www.mail-archive.com/cygwin@cygwin.com/msg48899.html
(319 words)
|
|
| |
| | Debian: tcpdump incorrect bounds checking vulnerability - The Community's Center for Security |
| | ------------------------------------------------------------------------ Debian Security Advisory DSA-206-1 security@debian.org http://www.debian.org/security/ Wichert Akkerman December 10, 2002 ------------------------------------------------------------------------ Package : tcpdump Problem type : incorrect bounds checking Debian-specific: no The BGP decoding routines for tcpdump used incorrect bounds checking when copying data. | | | What LinuxSecurity.com feature do you find most valuable? | | | The BGP decoding routines for tcpdump used incorrect bounds checking when copying data. |
|
http://www.linuxsecurity.com/content/view/104399/100
(287 words)
|
|
| |
| | SourceForge.net: Project Info - boundschecking |
| | This project has not yet categorized itself in the Trove Software Map. | | | The level of checking is similar to, and in some respects exceeds, that of languages like Pascal and Modula-2. | | | This package adds full, fine-grained array bounds and pointer checking to GCC (C only). |
|
http://sourceforge.net/projects/boundschecking
(117 words)
|
|
| |
| | Sanjay's Coding Tips :: CCured: Bounds Checking for C |
| | Many programs can be made memory-safe this way while losing only 10--20% run-time performance. | | | CCured is a source-to-source translator for C, which analyzes the program to determine the smallest number of run-time checks that must be inserted in the program to prevent all memory safety violations. | | | Sanjay's Coding Tips :: CCured: Bounds Checking for C |
|
http://sastools.com/b2/post/79393893
(135 words)
|
|
| |
| | Comp.compilers: Re: eliminating array bounds checking overhead |
| | Re: eliminating array bounds checking overhead blaak@infomatch.com (Ray Blaak) (2000-04-27) | | | The strong typing gives information to the compiler for it to | | | Re: eliminating array bounds checking overhead fjscipio@rochester.rr.com (Fred J. Scipione) (2000-04-27) |
|
http://compilers.iecc.com/comparch/article/00-04-202
(301 words)
|
|
| |
| | Eggdev: bounds checking 1.4/1.5 |
| | Eggdrop1.4/1.5 seem to compile ok with bounds checking after I changed some of the ctime() stuff in putlog() to strftime(). |
|
http://www.eggheads.org/pipermail/eggdev/2000-July/017013.html
(75 words)
|
|
| |
| | LWN: [PATCH] do_brk() bounds checking |
| | E-Commerce and credit card processing - the Open Source way! | | | ChangeSet 1.1335, 2003/09/24 19:18:41-07:00, akpm@osdl.org [PATCH] do_brk() bounds checking check that the brk value lies in bounds. |
|
http://lwn.net/Articles/60961
(143 words)
|
|
| |
| | Linux.com Article DB: Compaq Alpha Bounds Checking - 1/1 |
| | In a continuation of the discussion on bounds checking on the LSAP lists, Solar Designer has pointed out better ways to test bounds checking in compilers. | | | Notify Gareth Watts of any errors or copyright violations. | | | Released under the Open Content License unless otherwise stated. |
|
http://linux.omnipotent.net/article.php?article_id=4749
(61 words)
|
|
| |
| | Bounds checking on OS X? |
| | Bounds checking on OS X? Is there a spotlight like bounds checker application I can use on a CW Carbon project/application? | | | 07-26-04 02:01 PM Re: Bounds checking on OS X? In article <89d7d035.0407260435.495010dd@posting.google.com>, Doug Norton wrote: | | | Look in the Previews folder of the XCode 1.2 CD for Guard Malloc (libgmalloc). |
|
http://www.codecomments.com/message243774.html
(115 words)
|
|
| |
| | #41 (date bounds checking) - Tracks - Trac |
| | I get a nasty error (ActiveRecord::MultiparameterAssignmentErrors in Todo#add_item) if I enter in a date that does not exist, like April 31. | | | It would be nice if the built-in date selector in Rails did something similar, but this seems like a reasonable work-around. | | | #41 (date bounds checking) - Tracks - Trac |
|
http://dev.rousette.org.uk/ticket/41
(109 words)
|
|
| |
| | jek-cygwin1@kleckner.net (bounds checking) |
| | Jim and All, I've successfully built and used cygwin 3.3.1 with Herman Ten Brugge's bounds checking patches. | | | I've submitted the trivial changes required for cygwin back to Herman. |
|
http://www.mail-archive.com/cygwin@cygwin.com/msg48716.html
(83 words)
|
|
|
