← Back to context

Comment by shadytrees

17 years ago

See also the C FAQ, which patiently devotes 24 questions to the topic. (You can almost tell just how frequently the question came up on the list.)

http://c-faq.com/aryptr/index.html

Is there another place that buffer overflows occur than in the char* with no bounds checking? If not, this single fact is the one that leads to so many of the software vulnerabilities in the wild.

  • Yes, memcpy overflows are just as common as strcpy overflows, and structure overflows are more common today than strings, if only because most of the trivial string stuff has been flushed out by now.