312-50V9 · Question #316
Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in-bounds checking mechanism? Code: #include <string.h> int main(){ char buffer[
The correct answer is D. C++. C++ lacks built-in bounds checking on array and buffer operations, making it susceptible to buffer overflow attacks when unsafe functions like strcpy() write beyond allocated memory.
Question
Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in-bounds checking mechanism? Code:
#include <string.h> int main(){ char buffer[8]; strcpy(buffer, ""11111111111111111111111111111""); } Output:
Segmentation fault
Options
- AC#
- BPython
- CJava
- DC++
How the community answered
(38 responses)- A3% (1)
- B5% (2)
- C3% (1)
- D89% (34)
Why each option
C++ lacks built-in bounds checking on array and buffer operations, making it susceptible to buffer overflow attacks when unsafe functions like strcpy() write beyond allocated memory.
C# is a managed language running on the .NET CLR, which enforces array bounds at runtime and throws an IndexOutOfRangeException rather than allowing a buffer overflow.
Python manages memory dynamically through its interpreter and automatically resizes string and buffer objects, making traditional buffer overflow attacks impossible in pure Python code.
Java runs on the JVM, which performs automatic bounds checking on all array accesses and throws an ArrayIndexOutOfBoundsException, preventing buffer overflows entirely.
C++ inherits C's low-level memory model and provides no automatic bounds checking on arrays or string operations; the strcpy() function in the example blindly copies a 29-character string into an 8-byte buffer, overwriting adjacent memory and causing the segmentation fault shown. Unlike managed languages, C++ gives the programmer direct memory control without runtime safety nets, making this class of vulnerability possible.
Concept tested: Buffer overflow vulnerability in unmanaged languages
Source: https://owasp.org/www-community/vulnerabilities/Buffer_Overflow
Topics
Community Discussion
No community discussion yet for this question.