Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why don't stacks grow upwards (for security)?

This is related to the question 'Why do stacks typically grow downwards?', but more from a security point of view. I'm generally referring to x86.

It strikes me as odd that the stack would grow downwards, when buffers are usually written to upwards in memory. For example a typical C++ string has its end at a higher memory address than the beginning.

This means that if there's a buffer overflow you're overwriting further up the call stack, which I understand is a security risk, since it opens the possibility of changing return addresses and local variable contents.

If the stack grew upwards in memory, wouldn't buffer overflows simply run in to dead memory? Would this improve security? If so, why hasn't it been done? What about x64, do those stacks grow upwards and if not why not?

like image 224
AshleysBrain Avatar asked Apr 30 '10 12:04

AshleysBrain


People also ask

Why does stack grow down?

When a new local variables is declared, more stack memory is allocated for that function to store the variable. Such allocations make the stack grow downwards. After the function returns, the stack memory of this function is deallocated, which means all local variables become invalid.

Does stack grow upwards?

The memory needs to be contiguous for an array. So, though stack grows downward, for arrays the stack grows up. In addition if you want to check whether stack grows upward or downward.

Does stack grow upward or downward?

Stack may grow downward or upward depending on environment for which code is compiled, i.e., depends on compiler.

Why does stack grow downwards and heap grows upwards?

IIRC the stack grows downwards because the heap grows upwards. It could have been the other way around. An upward-growing heap allows efficient realloc in some cases, but a downward-growing heap pretty much never does.


2 Answers

Technically this is OS/CPU dependant, but typically this is because the stack and heap grow in opposite directions and from opposite ends of the address space.

This arrangement gives you the most flexibility to split/allocate memory between the heap and the stack without causing them to collide. If they were both to grow in the same direction, then you would need to have a starting address for the stack that would put a hard limit the maximum size of the heap (and a hard limit on the size of the stack)

ETA:

Found an interesting piece on wikipedia about why making a stack grow upwards does not necessarily prevent stack overflows - it just makes them work a bit differently.

like image 100
Eric Petroelje Avatar answered Oct 17 '22 14:10

Eric Petroelje


Well, I don't know if the stack growth direction would have much effect on security, but if you look at machine architecture, growing the stack in the negative address direction really simplifies calling conventions, stack frame pointers, local variable allocation, etc. etc.

like image 33
Mike Dunlavey Avatar answered Oct 17 '22 15:10

Mike Dunlavey