A common cause of malfunctioning software. If the amount of data copied into a memory buffer exceeds the size of the buffer, the extra data will overwrite whatever is in the adjacent bytes, and those bytes could hold numbers and codes the program constantly uses (see flag
). It only takes an error of one bit to crash software.
Certain copy instructions transfer strings of data within memory until some character such as a null or return is reached, signaling its end. Such instructions are potentially dangerous and can be avoided by using instructions that copy a fixed number of bytes.
Buffer Overruns Are Exploited
If software is written to assume the correct amount of data will always be input and makes no provisions otherwise, malicious hackers can exploit this situation by entering more and more data until the computer crashes. When it does, the computer's registers are examined to find out if it was attempting to execute an instruction in the overrun buffer area and if so, the precise location. The exploit is then carried out by appending machine instructions at the end of the input that the computer will execute. See XSS
and SQL injection
Slammer Wreacked Havoc
In January 2003, the Slammer worm on the Internet caused a billion dollars worth of damage. Using randomly generated IP addresses, Slammer used the buffer overflow exploit to replicate itself. Within three minutes after the first Slammer packet was unleashed, the number of infected computers was doubling every eight seconds. Within 15 minutes, large sections of the Internet were overloaded and out of commission. See buffer
and buffer flush