Buffer Overruns In Perspective

One problem from which old code used to suffer was that it would casually cause slight buffer overruns, which the users never noticed, and in spite of which the code seemed to work.

But one fact of which the programming community has become acutely aware in recent years is that, in many cases, carefully crafted, malformed files could be given to those programs as input in such a way that the attacker – the person who originated the malformed files – could get code to execute on the target’s computer, without this target ever being aware of the fact. Mind you, this probably did not happen in most cases. But under controlled conditions, this has often been proved possible to achieve.

So what has happened in the Linux world is that the core libraries, against which all Linux software is compiled and linked, have been rewritten so that they will stop a program cold if that program causes the slightest buffer overrun. This has even been implemented in ways that sometimes reduce performance, due to error-checking which wasn’t there before, and which is not part of the source code belonging to any one application.

And so one result has been that certain Linux programs no longer run, even though not one line of their source code was ever changed. I recently had an experience which I believe to be of such a nature.

The reason these programs may no longer run is that they were causing buffer overruns from the very beginning, only ones which were not detected before.
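
The situation described above, as an added example in C that is not from the original post: a simplified model of a one-byte overrun that leaves the visible data looking correct, beside two kinds of check that expose it. It is not the code of any real C library; the 8-byte field, the guard byte and all function names are assumptions made for the illustration, and the field and guard share one array so the overrun is safe to run.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_SIZE 8      /* bytes the program believes it owns (assumed) */
#define GUARD      0xA5   /* constructed guard value placed just past the field */

/* Field plus one guard byte in a single array: the one-byte "overrun"
   below lands on the guard and stays inside a real object. */
struct slot { unsigned char mem[FIELD_SIZE + 1]; };

void slot_init(struct slot *s)
{
    memset(s->mem, 0, FIELD_SIZE);
    s->mem[FIELD_SIZE] = GUARD;
}

/* Old-style copy: trusts that the source fits. In this demo it is only
   ever given at most FIELD_SIZE characters, i.e. at most one byte too many. */
void copy_unchecked(struct slot *s, const char *src)
{
    memcpy(s->mem, src, strlen(src) + 1);   /* +1 for the terminating NUL */
}

/* After-the-fact check: has anything been written past the field? */
int guard_intact(const struct slot *s)
{
    return s->mem[FIELD_SIZE] == GUARD;
}

/* Up-front check: refuse the copy instead of overrunning.
   Returns 0 on success, -1 if src plus its NUL does not fit. */
int copy_checked(struct slot *s, const char *src)
{
    size_t need = strlen(src) + 1;
    if (need > FIELD_SIZE)
        return -1;        /* a library that stops the program would abort here */
    memcpy(s->mem, src, need);
    return 0;
}

int main(void)
{
    struct slot s;
    slot_init(&s);
    copy_unchecked(&s, "ABCDEFGH");         /* 8 characters + NUL = 9 bytes */
    printf("text=%s guard_intact=%d\n", (const char *)s.mem, guard_intact(&s));
    slot_init(&s);
    int rc = copy_checked(&s, "ABCDEFGH");
    printf("checked rc=%d guard_intact=%d\n", rc, guard_intact(&s));
    return 0;
}
```

The unchecked copy prints the expected text, which is why such a bug can go unnoticed for years; only the guard check or the size check reveals that one byte went past the field.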