Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Does Java have buffer overflows?

Tags:

java

buffer-overflow

buffer-overrun

Does Java have buffer overflows? If yes can you give me scenarios?

like image 606
ecleel Avatar asked Jan 26 '09 12:01

ecleel

People also ask

What is buffer overrun in Java?

Buffer overflow occurs when data is input or written beyond the allocated bounds of an object, causing a program crash or creating a vulnerability that attackers might exploit.

What is the risk to Java from buffer overflow attacks?

Buffer overflows can affect all types of software. They typically result from malformed inputs or failure to allocate enough space for the buffer. If the transaction overwrites executable code, it can cause the program to behave unpredictably and generate incorrect results, memory access errors, or crashes.

Is buffer overflow still possible?

Description. Buffer overflow is probably the best known form of software security vulnerability. Most software developers know what a buffer overflow vulnerability is, but buffer overflow attacks against both legacy and newly-developed applications are still quite common.

Is memcpy () vulnerable to buffer overflow attacks?

The following is the source code of a C program that has a buffer overflow vulnerability: char greeting[5]; memcpy(greeting, "Hello, world!\ n", 15);

2 Answers

Since Java Strings are based on char arrays and Java automatically checks array bounds, buffer overflows are only possible in unusual scenarios:

  1. If you call native code via JNI
  2. In the JVM itself (usually written in C++)
  3. The interpreter or JIT compiler does not work correctly (Java bytecode mandated bounds checks)
like image 78
Michael Borgwardt Avatar answered Oct 06 '22 09:10

Michael Borgwardt

Managed languages such as Java and C# do not have these problems, but the specific virtual machines (JVM/CLR/etc) which actually run the code may.

like image 40
Brian Rasmussen Avatar answered Oct 06 '22 08:10

Brian Rasmussen
Sign in to Comment

Related questions

Is unit testing alone ever a good reason to expose private instance variables via getters? [duplicate]
Just what is Java EE really? [closed]
Can I find out the return value before returning while debugging in Eclipse?
Could not resolve placeholder in string value
How to Delete a topic in apache kafka [duplicate]
Do any JVM's JIT compilers generate code that uses vectorized floating point instructions?
_ (underscore) is a reserved keyword
throws Exception in finally blocks
Details of difference between @see and @inheritDoc
Google Guice vs. PicoContainer for Dependency Injection
Creating a custom JButton in Java
Java regular expression OR operator
Division of integers in Java [duplicate]
Can we start the maven build from the point where it failed
Class.forName() vs ClassLoader.loadClass() - which to use for dynamic loading? [duplicate]
Why can a class not be defined as protected?
How to generate the JPA entity Metamodel?
Call "java -jar MyFile.jar" with additional classpath option
Https Connection Android
Disable Maven warning message - "Selected war files include a WEB-INF/web.xml which will be ignored"

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!