On Friday, 15 September 2017 at 12:04:27 UTC, Kagamin wrote:
Do you hope to see such code? Since width can't be negative, a C
programmer would use an unsigned integer for it, and you can't
prohibit overflow for unsigned integers. It is unfixable for
array length, because unsigned integers are invariably used for
length. BlueBorne vulnerabilities rely on overflow of unsigned
integers (for buffer length) to trigger buffer overflow in
calls to memcpy.
This code isn't to be taken literally, the important bit is that
silent integer overflow allows this kind of attack.
But buffer overflow would normally be prevented by bound checks
in case of integer overflow.
Well here I don't think so: this attack is used to address a very
large space, while having a very small actually allocated memory
space. Bounds would be too large to matter.
have a safer wrapper around malloc in your example.
That would be calloc.
The point is that it's easy to make the vulnerability disappear,
once you know about such things and traps. It falls under the
"unknown unknowns" category of risk most of the time though.
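The length-overflow pattern the thread is arguing about, as an added example that is not code from the thread or from any BlueBorne advisory. It uses a constructed element count (SIZE_MAX / 4 + 2) that is chosen so count * 4 wraps to 4 in size_t arithmetic on any word size; the helper names (wrapped_size, mul_size_checked, alloc_calloc, length_guard_is_sufficient) are this example's own. The calloc behaviour it relies on, returning NULL when count * size overflows, is what glibc and musl implement; the manual check in mul_size_checked is the portable equivalent (GCC and Clang also offer __builtin_mul_overflow for the same purpose).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Vulnerable arithmetic: count * elem in an unsigned type wraps silently.
 * With count = SIZE_MAX / 4 + 2 and elem = 4 the product is 2^N + 4, which
 * wraps to 4, so malloc() gets asked for a 4-byte buffer. */
size_t wrapped_size(size_t count, size_t elem)
{
    return count * elem;
}

/* Hardened arithmetic: refuse any count whose product would not fit.
 * Returns false (and leaves *out untouched) on overflow. */
bool mul_size_checked(size_t count, size_t elem, size_t *out)
{
    if (elem != 0 && count > SIZE_MAX / elem)
        return false;
    *out = count * elem;
    return true;
}

/* The "safer wrapper around malloc" mentioned in the thread: calloc does the
 * multiplication itself and returns NULL when it would overflow. */
void *alloc_calloc(size_t count, size_t elem)
{
    return calloc(count, elem);
}

/* Shape of the buggy code path: allocate wrapped_size(count, elem), then copy
 * count elements in a loop guarded only by "i < count". The copy itself is
 * deliberately not performed; instead this reports whether that guard would
 * have kept the writes inside the allocation. It is exactly the situation
 * described above: the bound is huge, the allocation is tiny. */
bool length_guard_is_sufficient(size_t count, size_t elem)
{
    if (elem == 0)
        return true;            /* nothing is ever written */
    size_t alloc = wrapped_size(count, elem);
    /* the loop bound i < count only helps if alloc holds count elements */
    return alloc / elem >= count;
}

int main(void)
{
    size_t hostile = SIZE_MAX / 4 + 2;   /* constructed attacker-controlled count */
    size_t benign = 100;
    size_t n;

    printf("hostile count wraps to %zu bytes\n", wrapped_size(hostile, 4));
    printf("loop guard sufficient? hostile=%d benign=%d\n",
           length_guard_is_sufficient(hostile, 4),
           length_guard_is_sufficient(benign, 4));
    printf("checked multiply accepts hostile? %d\n",
           mul_size_checked(hostile, 4, &n));
    if (mul_size_checked(benign, 4, &n))
        printf("checked multiply gives %zu bytes for benign count\n", n);

    void *p = alloc_calloc(hostile, 4);
    printf("calloc for hostile count returned %s\n", p ? "a buffer" : "NULL");
    free(p);
    return 0;
}
```

The point to take from running it is that the loop bound and the allocation size are derived from the same wrapped product, so a bounds check phrased as "i < count" is satisfied all the way past the end of the 4-byte buffer; the fix has to happen at the multiplication (mul_size_checked or calloc), not at the copy.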