Talk:Heap overflow

This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Computer Security: Computing Mid‑importance This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles Mid This article has been rated as Mid-importance on the project's importance scale. This article is supported by WikiProject Computing. Things you can help WikiProject Computer Security with: Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Answer question about Same-origin_policy Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here. Computing: Software Low‑importance This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles Low This article has been rated as Low-importance on the project's importance scale. This article is supported by WikiProject Software (assessed as Low-importance). This article is supported by WikiProject Computer Security (assessed as Mid-importance). Things you can help WikiProject Computer Security with: edit history watch purge Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Answer question about Same-origin_policy Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here.

one comment I have for this page is that it seems to imply that the only way to exploit a heap overflow is by corrupting malloc meta data, in reality any linked list will do for the pointer exchange, its often possible to exploit heap overflows even without being able to overwrite any linked list pointers by corrupting other data such as function pointers or specific data structure fields...I've written more than my share of heap overflow exploits and in my experience overwriting malloc meta data isn't even the easiest way for most bugs... --Michael Lynn

I put the above into a section -- it only looked like it was part of the header because it predated sections and the header. Markbassett (talk) 16:40, 29 March 2016 (UTC)[reply]

Heap Overflows represent a considerable fraction of the number of exploits today. This article is a good start but deserves considerable expansion.

I personally strive to improve this article with the following additions (and invite others to as well!):

• Review the development of heap overflows, the work of Solar Designer, return-to-libc and the `unlink()` attack.
• Review heap overflows in relation to a simplified or classic allocator such as Doug Lea's dlmalloc
• A short C example, with a note about contemporary compiler and C-library consistency checking feature which may make the C example fail.
• An explanation of heap overflow techniques for many different memory allocators
• In order to improve reliability and subvert protection mechanisms, hackers have modified different internal program structures with the "single word write primitive" which is the end result of some heap overflows. Reviewing the clever techniques used would be interesting and informative.

Additionally, this article may benefit those new to programming with a short remark clarifing heap overflows as sharing no structural feature with a stack based buffer overflows beyond their etiology from the overrun of a buffers boundary.

Zetavolt (talk) 00:44, 19 May 2014 (UTC)[reply]

I suggest to add the following article as an external reference:

A heap of risk, Buffer overflows on the heap and how they are exploited

http://www.heise-security.co.uk/articles/74634

It is an in depth explanation of how buffer overflows occur, how they are exploited and even features a simple heap management implementation for demo purposes. The author FX is a well respected expert in this field.

Please note that I am a heise editor. So I will not add the link myself. Feel free to inform me, if this kind of suggestion is not appreciated.

193.99.145.162 08:40, 12 June 2007 (UTC) / ju (ju at heisec.de)[reply]

There was a tag dated Feb 2013 about links to external web sites being part of the body.

This article has an unclear citation style. The reason given is: Violates Wikipedia:External links: "Wikipedia articles may include links to web pages outside Wikipedia (external links), but they should not normally be used in the body of an article." The references used may be made clearer with a different or consistent style of citation and footnoting. (February 2013) (Learn how and when to remove this message)

I have revised these into web cites and then removed the tag. Markbassett (talk) 17:58, 29 March 2016 (UTC)[reply]