This is related to the question 'Why do stacks typically grow downwards?', but more from a security point of view. I'm generally referring to x86.
It strikes me as odd that the stack would grow downwards, when buffers are usually written to upwards in memory. For example a typical C++ string has its end at a higher memory address than the beginning.
This means that if there's a buffer overflow you're overwriting further up the call stack, which I understand is a security risk, since it opens the possibility of changing return addresses and local variable contents.
If the stack grew upwards in memory, wouldn't buffer overflows simply run in to dead memory? Would this improve security? If so, why hasn't it been done? What about x64, do those stacks grow upwards and if not why not?
When a new local variables is declared, more stack memory is allocated for that function to store the variable. Such allocations make the stack grow downwards. After the function returns, the stack memory of this function is deallocated, which means all local variables become invalid.
The memory needs to be contiguous for an array. So, though stack grows downward, for arrays the stack grows up. In addition if you want to check whether stack grows upward or downward.
Stack may grow downward or upward depending on environment for which code is compiled, i.e., depends on compiler.
IIRC the stack grows downwards because the heap grows upwards. It could have been the other way around. An upward-growing heap allows efficient realloc in some cases, but a downward-growing heap pretty much never does.
Technically this is OS/CPU dependant, but typically this is because the stack and heap grow in opposite directions and from opposite ends of the address space.
This arrangement gives you the most flexibility to split/allocate memory between the heap and the stack without causing them to collide. If they were both to grow in the same direction, then you would need to have a starting address for the stack that would put a hard limit the maximum size of the heap (and a hard limit on the size of the stack)
ETA:
Found an interesting piece on wikipedia about why making a stack grow upwards does not necessarily prevent stack overflows - it just makes them work a bit differently.
Well, I don't know if the stack growth direction would have much effect on security, but if you look at machine architecture, growing the stack in the negative address direction really simplifies calling conventions, stack frame pointers, local variable allocation, etc. etc.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With