A program can store its data in 3 places:
– data area (contains only static variables)
– stack (contains local variables and return addresses when subroutine is called)
– heap (dynamically allocated memory, objects are allocated here due to their size)
Buffer overflow:
– Stack overflow
Limited amount of memory (usually determined when program starts)
Usually caused by 2 errors:
– infinite recursion
– very large stack variables (usually local variables that are too large; arrays larger than a few KB should therefore be allocated dynamically)
ex:
int foo() {
    double x[1000000];  /* 1,000,000 doubles as a local: too large for many stacks */
    return 0;
}
* when a single-threaded program is run multi-threaded, each thread is allocated less stack space. A program that runs OK single-threaded might therefore crash when multi-threaded.
– Heap overflow
Memory is allocated dynamically
Primarily contains program data
* on average, half of all critical security leaks are based on heap overflows (ex: iPhone, PS3 homebrews)
* more information: http://www.h-online.com/security/features/A-Heap-of-Risk-747161.html
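
The stack-overflow advice above (allocate large arrays dynamically), as an added C example that is not part of the original notes: foo_heap() is a heap-based counterpart to foo() whose failure the caller can handle, and fits_on_stack() compares a buffer size against a stack limit. The names foo_heap and fits_on_stack and the half-of-limit headroom are assumptions; getrlimit() is the POSIX call for reading the process stack limit.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>   /* getrlimit (POSIX) */

/* Heap version of foo(): fill n doubles and return their sum via *sum.
   Returns 0 on success, -1 if the size overflows or allocation fails. */
int foo_heap(size_t n, double *sum) {
    if (n == 0 || n > SIZE_MAX / sizeof(double))
        return -1;                       /* n * sizeof(double) would wrap */
    double *x = malloc(n * sizeof *x);
    if (x == NULL)
        return -1;                       /* reported to the caller, no crash */
    *sum = 0.0;
    for (size_t i = 0; i < n; i++) {
        x[i] = 1.0;
        *sum += x[i];
    }
    free(x);
    return 0;
}

/* 1 if `bytes` of locals fit in `limit` bytes of stack with half kept
   as headroom for other frames (the 1/2 factor is an assumption). */
int fits_on_stack(size_t bytes, size_t limit) {
    return bytes <= limit / 2;
}

int main(void) {
    struct rlimit rl;
    size_t need = 1000000 * sizeof(double);   /* size of x[] in foo() */
    if (getrlimit(RLIMIT_STACK, &rl) == 0 && rl.rlim_cur != RLIM_INFINITY)
        printf("stack limit %llu bytes, x[] needs %zu: %s\n",
               (unsigned long long)rl.rlim_cur, need,
               fits_on_stack(need, (size_t)rl.rlim_cur) ? "fits" : "too big");
    double sum;
    if (foo_heap(1000000, &sum) != 0) {
        fputs("allocation failed\n", stderr);
        return 1;
    }
    printf("heap version ok, sum = %.0f\n", sum);
    return 0;
}
```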