Buffer‑Overflow Basics
A buffer is a contiguous memory region used to store input (for example, a string received from the network). If a program writes more bytes than the buffer can hold, the excess overwrites whatever lies next to it in memory: other local variables, the saved frame pointer, or the saved return address.

| Consequence | Typical exploitation goal |
|---|---|
| Corrupt local variables | Crash the program (Denial‑of‑Service) |
| Overwrite saved frame pointer | Leak stack contents |
| Overwrite return address | Hijack control flow → arbitrary code execution |
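
The unchecked copy that produces the overflow, beside a bounded replacement that refuses oversize input rather than writing past the buffer. This is an added example, not code from the original page; `NAME_LEN`, `greet_unsafe` and `greet_safe` are names chosen here, and the inputs in `main` are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_LEN 16   /* hypothetical fixed-size stack buffer */

/* Vulnerable form: strcpy() copies until it finds the NUL terminator and
 * never looks at the destination size, so any input longer than NAME_LEN-1
 * bytes spills into whatever follows the buffer on the stack (other locals,
 * the saved frame pointer, the return address). */
void greet_unsafe(const char *input)
{
    char name[NAME_LEN];
    strcpy(name, input);                 /* no bounds check: the classic bug */
    printf("hello, %s\n", name);
}

/* Hardened form: find the terminator within the space we actually have and
 * reject input that does not fit (including room for the NUL). Returns 0 on
 * success and -1 on rejection, and leaves `out` untouched on rejection so the
 * caller can log the event and decide what to do. No silent truncation. */
int greet_safe(const char *input, char *out, size_t out_len)
{
    if (out_len == 0)
        return -1;
    /* memchr stops at the first NUL, so it never reads past a valid string. */
    const char *nul = memchr(input, '\0', out_len);
    if (nul == NULL)
        return -1;                       /* no terminator within out_len: too long */
    size_t n = (size_t)(nul - input);    /* n <= out_len - 1, so n + NUL fits */
    memcpy(out, input, n);
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char name[NAME_LEN];
    /* Constructed inputs: one that fits, one that is far too long. */
    const char *ok = "alice";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    if (greet_safe(ok, name, sizeof name) == 0)
        printf("hello, %s\n", name);
    if (greet_safe(too_long, name, sizeof name) != 0)
        printf("rejected %zu-byte input (limit %d)\n", strlen(too_long), NAME_LEN - 1);
    /* greet_unsafe(too_long) would overwrite the stack; it is not called. */
    return 0;
}
```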

Classic mitigation checklist:
- Stack canaries – a known sentinel value placed between the local buffers and the saved return address; the function epilogue checks it before returning, and a changed canary aborts the process before the corrupted return address can be used.
- ASLR (Address Space Layout Randomisation) – randomises the base addresses of the stack, heap, and libraries on each run, so an attacker cannot rely on fixed addresses for gadgets or injected code.
- NX/DEP (No‑Execute / Data Execution Prevention) – marks stack and heap pages non‑executable, so bytes written into a buffer cannot be run as code directly, forcing attackers toward code‑reuse techniques (see next section).