Heap overflow
From Wikipedia, the free encyclopedia
A heap overflow is a type of buffer overflow that occurs in the heap data area. Memory on the heap is dynamically allocated by the application at run time and typically contains program data.
Heap overflows are sometimes used by crackers to exploit poorly written software. Exploitation goes as follows: if an application copies data without first checking whether it fits into the destination buffer, the cracker can supply a piece of data that is too large, overwriting heap management information (metadata) adjacent to the destination. This in turn lets the attacker overwrite an arbitrary memory location with a small amount of data, which in most environments may give the attacker control over program execution.
The Microsoft JPEG GDI+ vulnerability MS04-028 is an example of the danger a heap overflow can represent to a computer user.
Detecting and Preventing Heap Overflows
Recent releases of GNU libc (which incorporates the Lea allocator) can detect heap overflows after the fact. The DieHard allocator prevents library-based heap overflows and reduces the likelihood that a heap overflow has any effect on a running program. DieHard also makes it impossible to overwrite heap metadata, because it stores that metadata separately from the heap.
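As an added illustration (not part of the Wikipedia article), the unchecked copy described above is shown next to its bounds-checked counterpart in C; the `record` structure, its functions and the sample inputs are constructed for this example, and the unchecked variant is never run with oversized input.

```c
#include <stdlib.h>
#include <string.h>

/* A heap-allocated record. The allocator keeps its own bookkeeping (chunk
 * size, free-list pointers) immediately around this block, so any write
 * past the end of data[] lands on that metadata or on a neighbouring chunk. */
struct record {
    size_t cap;    /* bytes available in data[] */
    size_t len;    /* bytes currently used */
    char   data[]; /* flexible array member, sized at allocation time */
};

/* Allocate a record with room for `cap` bytes of payload. */
struct record *record_new(size_t cap) {
    struct record *r = malloc(sizeof *r + cap);
    if (r == NULL) return NULL;
    r->cap = cap;
    r->len = 0;
    return r;
}

/* The defect the article describes: the copy length comes from the input,
 * not from the destination, so an input longer than r->cap overruns the
 * chunk. Shown for contrast only; never called with oversized input here. */
void record_copy_unchecked(struct record *r, const char *src, size_t n) {
    memcpy(r->data, src, n);
    r->len = n;
}

/* Hardened form: the destination capacity bounds the copy. Returns 0 on
 * success and -1 if the input does not fit, leaving the record untouched. */
int record_copy_checked(struct record *r, const char *src, size_t n) {
    if (n > r->cap) return -1;
    memcpy(r->data, src, n);
    r->len = n;
    return 0;
}

/* Constructed demonstration: a 16-byte record receives a 12-byte input
 * (fits) and then a 41-byte input (rejected, record unchanged).
 * Returns 1 when both behave as expected. */
int demo(void) {
    static const char small[] = "twelve bytes";
    static const char big[]   = "this input is far too long for the buffer";
    struct record *r = record_new(16);
    if (r == NULL) return 0;
    int ok = record_copy_checked(r, small, sizeof small - 1) == 0 && r->len == 12;
    ok = ok && record_copy_checked(r, big, sizeof big - 1) == -1 && r->len == 12;
    free(r);
    return ok;
}
```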