Buffer Overflow due to wrong data type

Question

I am reading the OWASP page on buffer overflow. It mentions:

buffer overflow can be prevented using higher-level programming languages that are strongly typed and

developer should validate input to prevent unexpected data from being processed, such as of the wrong data type

Can someone give an example when an incorrect data type can lead to a buffer overflow ?

Ari Trachtenberg · Answer 1 · 2015-06-12T16:52:00.657

4

Here are some C/C++ examples:

Reading a long into an int memory space (say with scanf).
```
int i;
scanf("%ld", &i);
```
Using a float as an index in a for loop instead of a fixed point structure, resulting in possibly one more or less iteration than expected.
```
char *arr = new char[9];
for(float j=1; j>0; j=j-0.1) { // will clobber 10 characters, not 9
    *arr++ = 'A';
```

copying between arrays with different type widths

float floatArr[10] = { 5, 5, 5, 5, 5, 5, 5, 5, 5, 5 };
char charArr[10];
memcpy(charArr, floatArr, sizeof(float));

edited Jun 12 '15 at 16:52

answered Jun 11 '15 at 21:01

Ari Trachtenberg

For the second example, would it be 10 iterations ? I couldn't follow how would there be an extra iteration. – Jake Jun 12 '15 at 00:26
It's not the number of iterations it's the type used as an index. – RoraΖ Jun 12 '15 at 01:45
With j=j+1, will float still cause a problem ? – Jake Jun 12 '15 at 02:13
No ... 1 can be accurately represented as a float. I have modified the example to be correct. – Ari Trachtenberg Jun 12 '15 at 16:52

1 Answers1