1. C++ program with a heap buffer overflow a. Download the following program that exploits a shortcoming of STL vectors (which uses the heap) and iterators. Compile and run the program. Try at least three different scenarios: No command line argument. A small command line argument larger than 10 but around 20 - 30. A very large command line argument. 4. Explain what happened in each case. Did you receive a memory fault in the last case? (Depends on the IDE or OS you use.) 5. How could the problem be fixed?

This is the program:

#include #include #include /** People sometimes get the false impression that because STL and iterators * are fairly new additions to C++, they do sensible, commonplace things like * bounds checking. * * This is sadly not the case, since preserving backwards-compatibility with C * means preserving the loaded-gun-pointed-at-your-foot aspects, too. * * A semi-common related problem is to have doubles take on impossibly tiny * values in somewhere in your code. Tiny doubles are usually the result of * reinterpreting the ghost of an int as a double -- see end. */ // YEAH! class Awesome { public: int a; double b; std::string c; Awesome() : a(5), b(42.0), c("woot") { } }; int main(int argc, char* argv[]) { // how many doubles to dereference? int n; if(argc > 1) n = atoi(argv[1]); else n = 10; // soil up the memory space std::vector foo; for(unsigned i = 0; i < 10 * n; i++) foo.push_back(new Awesome()); for(unsigned i = 0; i < 10 * n; i++) delete foo[i]; // think iterators are smart? think again. std::vector b(1); std::vector::iterator it; // walk right off the end. a segfault is the best thing that could happen, // since at least we'd know something went wrong. for(it = b.begin(); it < b.end() + n; it++) std::cout << *it << " "; std::cout << " "; // ints interpreted as doubles = tiny number int fooInt = 42; double *fooDouble = reinterpret_cast(&fooInt); std::cout << "fooInt = " << fooInt << std::endl << "fooDouble = " << *fooDouble << std::endl; }

b. Write a program in Java that dynamically allocates a large integer array. Please include a copy of your code in what you hand in or e-mail to me. Start with an array with at least 100 million elements. Increase the size (number of elements) of the array until an exception is generated. The operating system should generate a hardware interrupt when the amount of user addressable space has been exhausted. Java should pass this interrupt on as an exception. How much memory was used before the exception was generated? You can calculate the number of bytes by multiplying the sizeof(int) times the total number of integers requested. You should print out this value each time the number of elments was increased. Is naively running out of heap memory an exploitable vulnerability in Java?