C programmers, check this out

http://www.trl.ibm.com/projects/security/ssp/

[redhead]

That all sounds very good, but what if you're working with dynamicaly growing arrays, would this try to estimate the size of them ? or create some sort of double linked list to workaround the malloc(), calloc() and realloc() calls..

[ndogg]

That all sounds very good, but what if you're working with dynamicaly growing arrays, would this try to estimate the size of them ? or create some sort of double linked list to workaround the malloc(), calloc() and realloc() calls..

That's not what it does. If you have any assembly experience, you probably know that most compilers allocate memory in the order it is presented in the code. The thing with stack smashing comes from code like this:

Code:

char x[10];
int * y;
x[11]=12; // y now points to memory location 12

Basically, this extension reorders the memory so it looks like this:

Code:

int * y;
char x[10];
x[11]=12;

This way, if more memory is addressed than there is allocated, you do not have to worry about pointers being messed with.