Buffer overflows occur when n bytes are written into a memory area (buffer) whose size is less than n bytes. If an attacker, for example one seeking to deliver a virus or a worm, gains direct or indirect control of what is written into this memory area, the attacker can carry out a buffer overflow attack.
Buffer overflows have been among the most widely exploited vulnerabilities. They can be due to “unchecked buffers”, where adequate bounds checking is lacking when copying strings and arrays, and can also be caused by exploiting format string vulnerabilities.
Buffer overflow attacks can also be carried out by exploiting the placement new expression supported by C++. A purpose of the placement new expression is to “place”, i.e., to allocate, a dynamically created object or array at a given address that refers to a memory arena already allocated to the process. Placement new allows a program to make use of memory pools without allocating memory dynamically, permits avoidance of memory allocation exceptions, and allows custom garbage collectors and debuggers to be built.
However, placement new, if not used appropriately in programs, may lead to security threats. For example, threats can arise if the size of the new object being placed is larger than the memory already allocated, if alignment issues are not handled appropriately, or if de-allocation of the memory is not carried out appropriately.
Objects are used as units of communication between programs. For example, web services, cloud-based services, and object-based interactions between browsers and servers employ object-based information transfer paradigms. Since objects may be passed to a program from tainted or untrusted remote or local sources, object-based buffer overflows have become a concern. Programs may also make logic errors by placing an object in a buffer whose size is smaller than the size of the object.
Like conventional buffer overflow attacks, placement new-based buffer overflow attacks can occur due to insufficient or inaccurate bounds checking. Unlike conventional buffer overflow attacks, placement new-based attacks can lead to both object and array overflows. Existing tools neither detect nor address buffer overflow vulnerabilities resulting from the use of the “placement new” expression in C++; a tool is needed to analyze code, detect vulnerabilities due to placement new, and automatically address them.
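The following is an added example, not code from the original text, illustrating the three failure modes named above (object larger than the arena, alignment not handled, and the object never destroyed) beside a checked form of placement new. The `Message` type and the helper names `place_unchecked`, `place_checked` and `destroy_placed` are assumptions made for this illustration; the size check uses the standard `std::align` from `<memory>`.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <memory>
#include <new>
#include <string>
#include <utility>

// Hypothetical message object of the kind exchanged between services
// (constructed for this example): 4-byte id plus a 28-byte payload.
struct Message {
    std::uint32_t id;
    char payload[28];
    Message(std::uint32_t i, const char* text) : id(i) {
        std::memset(payload, 0, sizeof payload);
        std::strncpy(payload, text, sizeof payload - 1);
    }
};

// Unchecked pattern the text warns about: the arena is trusted to be large
// enough and correctly aligned. If `buf` holds fewer than sizeof(T) bytes,
// the constructor writes past its end. Shown for contrast; never called here.
template <typename T, typename... Args>
T* place_unchecked(void* buf, Args&&... args) {
    return new (buf) T(std::forward<Args>(args)...);
}

// Checked form: confirm capacity and alignment before placing the object.
// Returns nullptr instead of overflowing when the arena cannot hold a T.
template <typename T, typename... Args>
T* place_checked(void* buf, std::size_t capacity, Args&&... args) {
    void* p = buf;
    std::size_t space = capacity;
    // std::align advances p to the first address aligned for T and returns
    // nullptr if sizeof(T) bytes no longer fit in the remaining space.
    if (std::align(alignof(T), sizeof(T), p, space) == nullptr) {
        return nullptr;
    }
    return new (p) T(std::forward<Args>(args)...);
}

// Placement new does not own memory: the object must be destroyed
// explicitly, and the arena is released by whoever allocated it.
template <typename T>
void destroy_placed(T* obj) {
    if (obj) obj->~T();
}

// An adequately sized, aligned arena accepts the object; an 8-byte buffer
// is refused rather than overflowed.
bool demo_size_check() {
    alignas(Message) unsigned char arena[64];
    unsigned char small[8];

    Message* ok = place_checked<Message>(arena, sizeof arena, 7u, "hello");
    bool placed = ok != nullptr && ok->id == 7 &&
                  std::string(ok->payload) == "hello";
    destroy_placed(ok);

    Message* rejected = place_checked<Message>(small, sizeof small, 9u, "x");
    return placed && rejected == nullptr;
}

// Starting one byte into the arena, the checked form realigns the address
// (there is still room) instead of constructing at a misaligned location.
bool demo_alignment_check() {
    alignas(Message) unsigned char arena[64];
    Message* m = place_checked<Message>(arena + 1, sizeof arena - 1, 3u, "abc");
    bool aligned = m != nullptr &&
        reinterpret_cast<std::uintptr_t>(m) % alignof(Message) == 0;
    destroy_placed(m);
    return aligned;
}

int main() {
    return (demo_size_check() && demo_alignment_check()) ? 0 : 1;
}
```

The checked helper is the shape a static or dynamic analysis tool would want to enforce at every placement new site: the arena's capacity travels with the pointer, the alignment requirement of the placed type is honoured, and each placed object has a matching explicit destructor call.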