|
In computer security and programming, a buffer over-read is an anomaly where a program, while reading data from a buffer, overruns the buffer's boundary and reads (or tries to read) adjacent memory. This is a special case of violation of memory safety. Buffer over-reads can be triggered, as in the Heartbleed bug, by maliciously crafted inputs that are designed to exploit a lack of bounds checking to read parts of memory not intended to be accessible. They may also be caused by programming errors alone. Buffer over-reads can result in erratic program behavior, including memory access errors, incorrect results, a crash, or a breach of system security. Thus, they are the basis of many software vulnerabilities and can be maliciously exploited to access privileged information. Programming languages commonly associated with buffer over-reads include C and C++, which provide no built-in protection against using pointers to access data in any part of virtual memory, and which do not automatically check that reading data from a block of memory is safe; respective examples are attempting to read more elements than contained in an array, or failing to append a trailing terminator to a null-terminated string. Bounds checking can prevent buffer over-reads, while fuzz testing can help detect them. == See also == * Buffer overflow * Computer security * Type safety 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Buffer over-read」の詳細全文を読む スポンサード リンク
|