When a software application runs on a computing device, a processor executes machine-level instructions into which high-level programming code of the application has been translated (e.g., by a compiler and/or an interpreter). The pre-defined set of machine-level instructions that a particular processor can execute is the processor's instruction set. The processor typically fetches the machine-level instructions corresponding to the functionality of a software application from memory and then executes the instructions.
During execution of a software application, the operating system may allocate memory to an executing process using a memory allocation mechanism. The “malloc” function in the C programming language is an example of a memory allocation mechanism. Malloc and similar memory allocation mechanisms allocate an amount of memory (e.g., a block, where the size of the block is specified as an argument), and return a pointer that points to the beginning of the allocated memory (e.g., the pointer points to the beginning of the allocated block).
The processor's instruction set includes instructions, such as “MOV” instructions, that read and write to memory, or execute code, using an indirect address. An indirect address contains the address of another memory location, rather than an actual data value or executable code. A register used as a pointer is an example of an indirect address. Other examples include return addresses and instruction pointers.
A buffer overflow occurs when a computer program attempts to write more data to a buffer than the size of the buffer allows. When this occurs, the data is written to memory outside the buffer. A buffer overflow can occur as a result of a bug in the computer program. For example, a buffer overflow may occur when a computer program calculates a value that is larger than the size of its storage location, if the program does not perform range checking (e.g., a check to make sure a data value is within a specified range).
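The range check described above, shown as an added example in C that is not part of the original text: the unchecked routine writes whatever length it computes, while the checked routine compares the computed length against the buffer size before writing anything. The names `join_unchecked`, `join_checked` and `BUF_SIZE` are hypothetical, and the inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16  /* constructed capacity; out must point to BUF_SIZE bytes */

/* Unchecked: the computed length is never compared with the buffer size, so
 * any dir/file pair needing more than BUF_SIZE bytes is written past the end
 * of out. Shown for contrast only. */
void join_unchecked(char *out, const char *dir, const char *file)
{
    size_t dlen = strlen(dir), flen = strlen(file);
    memcpy(out, dir, dlen);
    out[dlen] = '/';
    memcpy(out + dlen + 1, file, flen + 1);   /* copies the terminator too */
}

/* Checked: range-check the computed length before any byte is written.
 * Returns 0 on success, -1 if the result would not fit in BUF_SIZE bytes. */
int join_checked(char *out, const char *dir, const char *file)
{
    size_t dlen = strlen(dir), flen = strlen(file);

    /* Bytes needed = dlen + 1 ('/') + flen + 1 (terminator). Comparing by
     * subtraction keeps the length arithmetic itself from wrapping around. */
    if (dlen > BUF_SIZE - 2 || flen > BUF_SIZE - 2 - dlen)
        return -1;

    memcpy(out, dir, dlen);
    out[dlen] = '/';
    memcpy(out + dlen + 1, file, flen + 1);
    return 0;
}

int main(void)
{
    char buf[BUF_SIZE];

    /* Constructed inputs: the first pair needs 10 bytes, the second 21. */
    printf("%d\n", join_checked(buf, "etc", "hosts"));
    printf("%d\n", join_checked(buf, "var/log", "messages.old"));
    return 0;
}
```

The rejected call leaves the buffer untouched because the check runs before the first write.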
Buffer overflow attacks are a category of computer security exploits that allow an attacker to insert malicious code into a computer program, in order to alter the behavior of the program to, for example, cause a security breach or crash the program. Many zero-day cyber-attacks use buffer overflows. An example of a buffer overflow attack is the Heartbleed security bug, which exposed vulnerabilities in some versions of the OpenSSL cryptographic software library. This attack was designed to compromise security keys so as to expose sensitive information such as user names and passwords.