312-50V11 · Question #191
Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in-bounds checking mechanism? Code: #include <string.h> int main(){ char buffer[
The correct answer is D. C++. C++ inherits C's manual memory management and lacks automatic bounds checking, making it the primary language susceptible to buffer overflow vulnerabilities.
Question
Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in-bounds checking mechanism? Code:
#include <string.h> int main(){ char buffer[8]; strcpy(buffer, ""11111111111111111111111111111""); } Output:
Segmentation fault
Options
- AC#
- BPython
- CJava
- DC++
How the community answered
(36 responses)- A3% (1)
- C3% (1)
- D94% (34)
Why each option
C++ inherits C's manual memory management and lacks automatic bounds checking, making it the primary language susceptible to buffer overflow vulnerabilities.
C# runs on the .NET CLR, which enforces memory safety and automatic bounds checking, preventing buffer overflow conditions by design.
Python uses dynamic memory allocation and its runtime enforces strict bounds on all sequence operations, making buffer overflows essentially impossible.
Java enforces array bounds checking at runtime and uses garbage collection, throwing an ArrayIndexOutOfBoundsException rather than overwriting memory.
C++ does not perform automatic bounds checking on arrays or string operations, and functions like strcpy() blindly copy data past buffer boundaries. In the example, copying a 29-character string into an 8-byte buffer overwrites adjacent memory, causing a segmentation fault and a classic exploitable condition. Managed languages enforce bounds at runtime, but C++ leaves this responsibility entirely to the developer.
Concept tested: Buffer overflow vulnerability in unmanaged C/C++ code
Source: https://owasp.org/www-community/vulnerabilities/Buffer_Overflow
Topics
Community Discussion
No community discussion yet for this question.