312-50V10 · Question #191
Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in-bounds checking mechanism? Code: #include <string.h> int main(){ char buffer[
The correct answer is D. C++. C++ inherits C's manual memory management model and provides no built-in bounds checking on arrays or buffer copy operations, making it directly vulnerable to buffer overflows as shown by the strcpy example.
Question
Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in-bounds checking mechanism? Code:
#include <string.h> int main(){ char buffer[8]; strcpy(buffer, ""11111111111111111111111111111""); } Output:
Segmentation fault
Options
- AC#
- BPython
- CJava
- DC++
How the community answered
(47 responses)- A6% (3)
- B2% (1)
- C2% (1)
- D89% (42)
Why each option
C++ inherits C's manual memory management model and provides no built-in bounds checking on arrays or buffer copy operations, making it directly vulnerable to buffer overflows as shown by the strcpy example.
C# runs on the .NET Common Language Runtime, which performs automatic memory bounds checking and raises a managed exception rather than allowing a raw memory overwrite.
Python is an interpreted language with automatic memory management; its runtime prevents out-of-bounds writes at the language level.
Java enforces strict array bounds checking on the JVM and throws an ArrayIndexOutOfBoundsException instead of allowing memory corruption.
The code sample uses strcpy to copy a string longer than 8 bytes into an 8-byte buffer, a classic buffer overflow scenario. C++ does not automatically check whether a write operation stays within the allocated bounds of an array or buffer, so the excess bytes overwrite adjacent memory regions, corrupting the stack and causing a segmentation fault. Managed languages enforce bounds at runtime, but C++ relies entirely on the programmer to perform such checks manually.
Concept tested: Buffer overflow vulnerability in C/C++ due to lack of bounds checking
Source: https://owasp.org/www-community/vulnerabilities/Buffer_Overflow
Topics
Community Discussion
No community discussion yet for this question.