- Heap overflow
A heap overflow is a type of buffer overflow that occurs in the heap data area. Memory on the heap is dynamically allocated by the application at run-time and typically contains program data.

Exploitation goes as follows: if an application copies data without first checking whether it fits into the chunk (a block of data in the heap), the attacker can supply the application with a piece of data that is too large, overwriting the heap management information (metadata) of the next chunk. This allows an attacker to overwrite an arbitrary memory location with four bytes of data. In most environments, this may allow the attacker to take control of the program's execution.
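The overflow described above, and the after-the-fact detection this page attributes to recent GNU libc, as an added example that is not from the original page, glibc or DieHard. It uses a toy arena with inline chunk headers; `toy_alloc`, `toy_check`, `copy_checked`, the header layout and the tag scheme are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Toy heap, constructed for illustration: [header][payload] chunks in one static arena. */
#define ARENA_SIZE 256
#define MAGIC 0xC0FFEE42u
typedef struct { uint32_t size; uint32_t tag; } hdr_t;
static unsigned char arena[ARENA_SIZE];
static size_t arena_top;

/* Bump-allocate a chunk and stamp its inline header with an integrity tag. */
void *toy_alloc(uint32_t size) {
    hdr_t h = { (size + 7u) & ~7u, 0 };
    if (size > ARENA_SIZE || arena_top + sizeof h + h.size > ARENA_SIZE) return NULL;
    h.tag = MAGIC ^ h.size;
    memcpy(arena + arena_top, &h, sizeof h);
    arena_top += sizeof h + h.size;
    return arena + arena_top - h.size;
}

/* Detection after the fact: returns 0, or the 1-based index of the first bad chunk. */
int toy_check(void) {
    int idx = 1;
    for (size_t off = 0; off < arena_top; idx++) {
        hdr_t h;
        memcpy(&h, arena + off, sizeof h);
        if (h.tag != (MAGIC ^ h.size)) return idx;
        off += sizeof h + h.size;
    }
    return 0;
}

/* Prevention: compare the input length with the chunk size before copying. */
int copy_checked(void *dst, const void *src, size_t n) {
    hdr_t h;
    memcpy(&h, (unsigned char *)dst - sizeof h, sizeof h);
    if (n > h.size) return -1;
    memcpy(dst, src, n);
    return 0;
}

int main(void) {
    char input[24], *a = toy_alloc(16);
    toy_alloc(16);                          /* neighbouring chunk */
    memset(input, 'A', sizeof input);       /* constructed oversized input */
    int refused = copy_checked(a, input, sizeof input);
    memcpy(a, input, sizeof input);         /* the unchecked copy from the text */
    printf("checked copy: %d, corrupted chunk: %d\n", refused, toy_check());
    return 0;
}
```

The unchecked copy stays inside the static arena, so the program is well-defined while still showing the neighbouring header being clobbered and then flagged.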
The Microsoft JPEG GDI+ vulnerability [http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx MS04-028] is an example of the danger a heap overflow can represent to a computer user.

Detecting and Preventing Heap Overflows
Recent releases of GNU libc (which incorporate the Doug Lea allocator) can detect heap overflows after the fact. The [http://www.diehard-software.org DieHard] allocator prevents library-based heap overflows and reduces the likelihood of heap overflows having any effect on a running program. DieHard also makes it impossible to overwrite heap metadata by storing it separately from the heap.

External links
* [http://www.w00w00.org/files/articles/heaptut.txt "w00w00 on Heap Overflows", a more detailed explanation of heap overflows]
* [http://doc.bughunter.net/buffer-overflow/heap-corruption.html http://doc.bughunter.net/buffer-overflow/heap-corruption.html]
* [http://www.heise-online.co.uk/security/A-Heap-of-Risk--/features/74634 Heap Overflow article at Heise Security]
* [http://webmasters-forums.com/Heap-Files-%28-Unordered-Files-%29-t-601.html Information About Heap Files]: essential information (basics) about heap files.

See also
* Buffer overflow
* Stack overflow
* Stack buffer overflow
* Exploit
* Shellcode
Wikimedia Foundation. 2010.