1.10 How my Buffer Overflow Wiped my Colleague's Hard Disk

Juppies 2 by Dr Heinz M. Kabutz

This is a sad story. About three decades ago, I wrote a program in C++ and with the platform I was using, was supposed to have null as the last value in my arrays. I didn't read the documentation and thus didn't do this. I was running the code on Solaris and for some reason it worked, despite the bug in my code. A fellow student wanted to see whether my program would also compile and run on Windows. I strongly urged him not to try it, but he did anyway. It compiled fine, but when it ran, due to the unterminated array, it caused a catastrophic failure and wiped out his hard drive. It was an unfortunate mistake, and I did feel quite bad for my colleague.

Hackers exploit these types of bugs all the time - they are called buffer overflow attacks - in order to insert their own program code and to take over control of machines.

Java protects us against writing or reading past the end of an array by consistently throwing an ArrayIndexOutOfBoundsException. Much better!

Previous Chapter Previous Lesson Next Lesson Next Chapter

Previous Chapter Previous Lesson Next Lesson Next Chapter

Comments

Table of Contents

• 0.1: Programming is a team sport - source control
• 0.2: Creating an account on GitHub
• 0.3: Forking the Juppies2 repository from kabutz
• 0.4: Oracle JDK
• 0.5: Oracle OpenJDK
• 0.6: Azul's Zulu OpenJDK
• 0.7: Installing the Oracle OpenJDK
• 0.8: Integrated Development Environments (IDEs)
• 0.9: Downloading Apache NetBeans
• 0.10: Loading our Juppies2 Project in Apache NetBeans
• 0.11: Running the AnagramGame with Apache NetBeans
• 0.12: Downloading IntelliJ IDEA Community Edition
• 0.13: Installing IntelliJ IDEA Community Edition
• 0.14: Running the AnagramGame with IntelliJ IDEA Community Edition
• 0.15: Downloading and Installing Eclipse
• 0.16: Running the AnagramGame with Eclipse
• 1.1: AnagramGame Project Structure
• 1.2: WordLibrary
• 1.3: Swing User Interface (UI)
• 1.4: Buffer Overflows
• 1.5: Demo of New Word Button
• 1.6: Demo of Guess Button
• 1.7: StaticWordLibrary Structure
• 1.8: StaticWordLibrary Details
• 1.9: Changing the Size of Our StaticWordLibrary
• 1.10: How my Buffer Overflow Wiped my Colleague's Hard Disk
• 1.11: Adding Our Own Words to the StaticWordLibrary
• 1.12: WordLibraryTest With JUnit
• 1.13: Java's For Loop
• 1.14: Testing That Words Are Anagrams
• 1.15: Running JUnit
• 1.16: isAnagram() Method
• 1.17: Fixing StaticWordLibrary
• 1.18: WordLibraries Facade
• 1.19: Find Usages
• 1.20: Exercise
• 1.21: Commiting Changes
• 1.22: GitHub Repository
• 1.23: Pushing Commits to Remote Repository on GitHub
• 1.24: Until Next Time
• 2.1: Welcome back
• 2.2: Setting up NetBeans Git Toolbar
• 2.3: Creating a Git Branch for Today's Session
• 2.4: Typical Directory Structure Under Maven
• 2.5: NetBeans Magic Shortcuts
• 2.6: Avoid Copy & Paste Programming
• 2.7: Creating a ShuffledWordLibrary
• 2.8: Integer Array for Shuffled Indexes
• 2.9: Finishing the methods to delegate to the other WordLibrary
• 2.10: Trying out the "ShuffledWordLibrary" That Does Not Really Shuffle
• 2.11: Committing Our Changes to Git
• 2.12: Shuffling the Integer Array
• 2.13: Trying Out the Shuffled Anagram List
• 2.14: Committing our "shuffle" method
• 2.15: ArrayShuffler
• 2.16: Creating an ArrayShufflerTest
• 2.17: Printing the indexes array
• 2.18: Fixing Random to be more random
• 2.19: Extending the Tests
• 2.20: The Goat, The Wolf and The Cabbage (Swapping Integer Values)
• 2.21: Testing the Integer Swapping Code
• 2.22: Testing Before Running Application
• 2.23: Fixing the Integer Swapping Code
• 2.24: Integer Swapping With XOR
• 2.25: Value of Source Control Systems
• 2.26: Changed WordLibrary from an Abstract Class to an Interface
• 2.27: Commit and Push
• 2.28: Until Next Time
• 3.1: Welcome back
• 3.2: Create a new Git Branch
• 3.3: ScrambledWordLibrary
• 3.4: SortedScrambledWordLibrary
• 3.5: Committing Entire Project At Once
• 3.6: Creating a RandomScrambledWordLibrary
• 3.7: Adding a shuffle(char[]) method
• 3.8: Testing the shuffle() method
• 3.9: Scrambler Strategy Extracted
• 3.10: Rot13Scrambler
• 3.11: OriginalScrambler
• 3.12: Moving Scrambler Interface Into ScrambledWordLibary Using IntelliJ IDEA
• 3.13: Moving Shuffler Implementations Into ScrambledWordLibrary
• 3.14: Danger of Overusing Inner Classer
• 3.15: Testing Refactoring
• 3.16: Beauty of IDE Interoperability
• 3.17: Anonymous Inner Classes
• 3.18: Converting Anonymous Inner Class to Lambda
• 3.19: Expression Lambdas
• 3.20: Font Ligatures
• 3.21: Testing and Commiting Lambdas
• 3.22: Turning Rot13Scrambler into a Lambda
• 3.23: Method References
• 3.24: Making ArrayShuffler.shuffle() Methods static
• 3.25: Forcing Everyone To Use Static Methods
• 3.26: DecoratedWordLibrary
• 3.27: ScrambledWordLibrary as a Decorator
• 3.28: ShuffledWordLibrary as a Decorator
• 3.29: Cleaning Up the Concrete Decorators
• 3.30: Updated Copyright Notices
• 3.31: Make Classes Final Where Possible
• 3.32: Commit and Push
• 3.33: Conclusion

We hope you enjoyed this tutorial. If you did, you will also enjoy our courses. We suggest you start with Extreme Java - Advanced Java, followed by Extreme Java - Concurrency Performance for Java 8.