"Let's start with a quick review of buffer overflows. A
buffer overflow, or buffer overrun, occurs when a process attempts
to store data beyond the boundaries of a fixed-length buffer. The
result is that the extra data overwrites adjacent memory locations.
The overwritten data can include other buffers, variables, program
flow data, etc. Overwriting this data can cause such problems as
erratic program behavior, memory-access exceptions, program
terminations of the crash variety, the wrong returned results, or
the most dangerous thing for systems integrity: a breach of
security.
"Buffer overflows cause many software weaknesses and, therefore,
are the basis of malicious exploits. C/C++ systems are especially
prone to overflows. They provide no built-in protection to stop
accessing or overwriting data in any part of memory, and they don't
automatically check that data written to a built-in buffer array is
within the boundaries of that array. That's why you should always
support a system that does bounds checking, either by you or by the
compiler and runtime."