Please let me elaborate:
If you've got a "buffer overrun" (for example, if you write to element "6" of a 5-element array), then one of three things can happen:
1) Nothing
<= The "bad element" happens to be legal, unused memory.
It's exactly as though you had allocated a 6-element array.
You got lucky!
2) You get a SIGSEGV
<= The "bad element" happens to be illegal memory, and the system tells you about it (by crashing with a SIGSEGV error).
I would consider this case "lucky", too - the SIGSEGV gives you a clue that you've got a problem, and some good clues about how to fix it.
3) You corrupt memory, but you *don't* get a SIGSEGV
<= Unfortunately, this is the most common scenario.
You're trashing memory (somebody else's data, a return address - it doesn't matter). Something bad - something VERY bad - has just happened.
But you don't know about it. The program might appear to run OK.
3) is the worst of all scenarios. If the program crashes (and it probably will), it will probably be in a place far removed and completely unrelated to where your buffer overrun occurred. This kind of buffer overrun can be *very* difficult to track down and correct.
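As an added example (not code from the original post), here is a small C program that makes scenario 3 concrete from the defender's side: a 5-element array is followed in memory by a guard word (a "canary"), a bounds-checked write refuses element "6", and an unchecked write that lands on element "6" silently trashes the guard. A checkpoint that re-reads the guard reports the corruption right away, instead of the program limping on until some unrelated crash. All names here (`guarded_array`, `checked_write`, `unchecked_write`, `canary_intact`, the demo functions) are this example's own; the unchecked write is done with `memcpy` into the struct's own bytes so the demo stays inside one allocation and behaves the same on every compiler.

```c
/* Added example: a canary-guarded array showing how a silent overrun
 * (scenario 3 above) can be detected at a checkpoint.
 * Names are illustrative and not from the original post. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define N 5
#define CANARY 0xDEADBEEFu

typedef struct {
    int data[N];
    unsigned int canary;   /* guard word sitting right after the last element */
} guarded_array;

void guarded_init(guarded_array *g) {
    memset(g->data, 0, sizeof g->data);
    g->canary = CANARY;
}

/* Safe write: refuses any index outside 0..N-1.
 * Returns 0 on success, -1 if the index was rejected. */
int checked_write(guarded_array *g, size_t idx, int value) {
    if (idx >= N)
        return -1;
    g->data[idx] = value;
    return 0;
}

/* Deliberately unchecked write, modelling the bug in the post: it turns the
 * index into a byte offset and writes there without ever looking at N.
 * With idx == N the bytes written are exactly the canary's. */
void unchecked_write(guarded_array *g, size_t idx, int value) {
    unsigned char *base = (unsigned char *)g;
    memcpy(base + idx * sizeof(int), &value, sizeof value);
}

/* Checkpoint: 1 if the guard word is untouched, 0 if something overran into it. */
int canary_intact(const guarded_array *g) {
    return g->canary == CANARY;
}

/* Returns 1 if writing element "6" (index 5) of the 5-element array
 * is caught by the canary check afterwards. */
int demo_detect_overrun(void) {
    guarded_array g;
    guarded_init(&g);
    for (size_t i = 0; i < N; i++)
        checked_write(&g, i, (int)i);
    unchecked_write(&g, N, 42);          /* the buffer overrun */
    return canary_intact(&g) == 0;       /* corruption detected? */
}

/* Returns 1 if the bounds-checked write rejects index 5 and leaves
 * both the in-range data and the canary untouched. */
int demo_checked_rejects(void) {
    guarded_array g;
    guarded_init(&g);
    int rejected = (checked_write(&g, N, 42) == -1);
    int accepted = (checked_write(&g, N - 1, 7) == 0);
    return rejected && accepted && g.data[N - 1] == 7 && canary_intact(&g);
}

int main(void) {
    printf("unchecked write to element %d: canary %s\n", N + 1,
           demo_detect_overrun() ? "corrupted (overrun detected)" : "intact");
    printf("checked write to element %d: %s\n", N + 1,
           demo_checked_rejects() ? "rejected, nothing trashed" : "unexpected");
    return 0;
}
```

The guard word is the same idea that stack protectors use at function epilogues: it does not stop the overrun, it turns a silent scenario 3 into a loud failure near where the bad write happened, which is what makes the bug findable. In real code the checked write (or simply never computing an index without comparing it against the array length) is the fix; the canary is a detection aid for the cases you missed.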