| Wiki Markup |
|---|
The incorrect use of arrays has traditionally been a source of exploitable vulnerabilities. Elements referenced within an array using the subscript operator \[\] are not checked unless the programmer provides adequate bounds checking. As a result, the expression {{array \[pos\] = value}} can be used by an attacker to transfer control to arbitrary code. |
| Wiki Markup |
|---|
As a result, if the attacker can control the values of both {{pos}} and {{value}} in the expression {{array \[pos\] = value}}, he can perform an arbitrary write (overwrite other storage locations with contents of his choice). The consequences range from changing a variable used to determine what permissions the program grants to executing arbitrary code with the permissions of the vulnerable process. Arrays are also a common source of buffer overflows when iterators exceed the dimensionsbounds of the array. |
An array is a series of objects, all of which are the same size and type. Each object in an array is called an array element. The entire array is stored contiguously in memory (that is, there are no gaps between elements). Arrays are commonly used to represent a sequence of elements where random access is important but there is little or no need to insert new elements into the sequence (which can be an expensive operation with arrays).
...
These statements allocate storage for an array of twelve integers referenced by dis. Arrays are indexed from 0..n-1 (where n represents an array dimensionbound). Arrays can also be declared as follows:
...
| Code Block |
|---|
int * const dat = (int * const) malloc(ARRAY_SIZE * sizeof(int)); /* ... */ free(dat); dat = NULL; |
The dis identifier cannot be incremented, so the expression dis++ results in a fatal compilation error. Both arrays can be initialized as follows:
...