[VIDEO PLAYBACK]
DAVID MALAN: And you can eventually overflow it by trying to use more memory than you should have. And a buffer overflow is typically--
[END PLAYBACK]
DAVID MALAN: So this year, we have more overflows than ever in CS50, where I took care to actually enumerate a number of different types of overflows, buffer overflow and, of course, stack overflow, with a site with which students generally gain familiarity during the semester. So it's nice to give them a sense of the etymology of that.
DOUG LLOYD: Now they know where it came from, exactly.
DAVID MALAN: Yeah. But in C, we have the ability to actually have this conversation and actually talk about an exploit. So here's some sample code that Wikipedia's own page on buffer overflow exploits, looks at, or for stack overruns specifically, and even though it's a pretty contrived example, this one, where you're really just copying some memory into a place where it really shouldn't be because you're overrunning how much you've asked for, it does demonstrate visually what's going on. Which is nice. And it allows us to talk, albeit briefly, about return addresses and what it means to overflow the stack. And you can see graphically how those values are overriding bytes that they shouldn't be.
DOUG LLOYD: Exactly.
DAVID MALAN: In fact, my one regret is just how contrived this example is. And I think in reflecting on this, both now and in the recent months since this went live, we should probably come up with, I think, a better, less contrived example than just copying arbitrary memory around like this. Like hard-coding 12 is kind of hard to justify here.
DOUG LLOYD: Yeah, well, for people who might be watching this that actually went through CS50 this year, our quiz this year actually had a question about buffer overflow-- or our test, rather, had a question about buffer overflow.
DAVID MALAN: You can still read about it all too often when some software gets hacked or some server and it's because of memory bounds not being checked. So it's a problem that's still with us today, certainly.
DOUG LLOYD: Yeah, this example is a bit contrived, but anything where you're taking input from a user and copying it into a buffer that has a fixed size is another maybe less contrived example.
DAVID MALAN: But it's good. I mean, I like how our students, ultimately, are exiting the course even understanding the nuances of these kinds of attacks. And indeed, this is just one instance of our discussion throughout the semester of various security exploits. And we'll come to another one altogether when we look at SQL, when we look at web programming more generally. So it's kind of nice to show that even in our command line environment, there are threats ever present.
DOUG LLOYD: And in years past, we've actually taken a lot of these security threats and actually just kind of buffered them until the end of the year.
DAVID MALAN: In a separate security lecture.
DOUG LLOYD: In a separate lecture entirely.
DAVID MALAN: --which are now woven into the semester itself.
DOUG LLOYD: It's good to present these things, I think, at the time when they're--
DAVID MALAN: Just like these threats.
DOUG LLOYD: --fresh in the student's mind. Yeah, exactly.
