buffer overrun

By bob
I understand the concept of buffer underrun. I suppose that anyone who burns CDs would have the opportunity to experience this event for a number of reasons.
Can someone please explain buffer OVERRUN to me?
With Windows' evolution to SP2, I am being confronted with this term more and more.
What is buffer overrun, and how does it directly or indirectly affect me and my systems?


by TheChas In reply to buffer overrun

Prior to the use of fast CD burners, the concept of a buffer underrun was never even considered.

A buffer is an area of memory that is used to store data until the program that is running is ready to use the data.

A buffer underrun occurs when the program must wait for data to enter the buffer.

Just as it sounds, a buffer overrun is when too much data is sent to the buffer and it overflows.

The problem with a buffer overrun happens when the software behaves in a predictable manner that can be exploited by a hacker or virus.
Ideally, when a buffer overrun occurs, the software would ignore all data and wait to recover. Many of the sub-routines used to recover from an overrun mistakenly accept the hacker-generated code that starts the attack.



by willcomp In reply to buffer overrun

It's buffer overflow (as opposed to buffer underrun when dealing with CD burning). Here's a pretty succinct description that was lifted from As you can see, buffer overflow is used by malware to install itself.

"A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability."


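As an added illustration (not part of the original thread), the C sketch below shows the overflow into adjacent data that the quoted definition describes, next to a copy that checks the length first. The `record` layout, the function names and the input are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: an 8-byte buffer with a flag stored right after it. */
struct record {
    char name[8];
    unsigned char is_admin;            /* the "adjacent" data */
};

/* Constructed input: 8 filler bytes plus one extra byte (0x01). */
static const char overlong[] = "AAAAAAAA\x01";

/* No length check: copies n bytes starting at name, however large n is.
   Done as a byte-wise copy over the record so the effect is deterministic. */
static void store_unchecked(struct record *r, const char *src, size_t n)
{
    unsigned char *dst = (unsigned char *)r + offsetof(struct record, name);
    for (size_t i = 0; i < n; i++)
        dst[i] = (unsigned char)src[i];
}

/* Length check first: input that does not fit (with terminator) is refused. */
static int store_checked(struct record *r, const char *src, size_t n)
{
    if (n >= sizeof r->name)
        return -1;
    memcpy(r->name, src, n);
    r->name[n] = '\0';
    return 0;
}

/* Stores the overlong input in a zeroed record; returns is_admin afterwards. */
static int flag_after(int checked)
{
    struct record r = {0};
    if (checked)
        (void)store_checked(&r, overlong, sizeof overlong - 1);
    else
        store_unchecked(&r, overlong, sizeof overlong - 1);
    return r.is_admin;
}

int main(void)
{
    printf("unchecked copy: is_admin=%d\n", flag_after(0));
    printf("checked copy:   is_admin=%d\n", flag_after(1));
    return 0;
}
```

The ninth input byte lands in `is_admin` in the unchecked case, while the checked copy leaves the record untouched and reports the error to its caller.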