LOGBOOK

HELP

Quiz Entry - updated: 2026.07.07

How does a buffer overflow attack work?

Oversized input spills past a buffer and overwrites adjacent stack data — notably the saved return address — letting the attacker redirect execution.

Stack layout with high address at top: return address, saved frame pointer, then local buffer[32] at the low-address bottom; an overflow that grows upward writes past the buffer, overwrites the saved frame pointer, then overwrites the return address (highlighted red), redirecting execution on return.

* An overflow past a local buffer grows upward through the saved frame pointer into the return address, redirecting execution when the function returns. *

The stack layout (simplified):

High addresses
+------------------+
| Return address   | ← Where to go after function returns
+------------------+
| Saved frame ptr  | ← Previous stack frame
+------------------+
| Local buffer[32] | ← Where user input goes
+------------------+
Low addresses

What the attacker does:

  1. Find the buffer size - send increasing input until crash
  2. Calculate offset - how many bytes until we reach return address?
  3. Craft payload - fill buffer + overwrite return address with target

Example attack:

$ ./ls -lllllllllllllllllllllllllllll
# Found it! Program crashed
Segmentation fault

Exploitation (redirecting to delete function):

Input: "AAAA...AAAA" + address_of_delete()
       \_________/
       fills buffer, overwrites return address

When function returns, jumps to delete() instead of caller!
$ ./ls "------------------------"$'\x20\x63\x55\x56'
$ ./ls --long
# Files are gone! Attacker redirected execution to delete()

Modern defenses:

  • Stack canaries: Random value before return address, checked before return
  • ASLR: Randomize memory layout so attacker can't predict addresses
  • NX/DEP: Mark stack as non-executable (can't inject shellcode)
  • Input validation: Check input length before copying!

Tip: Understanding buffer overflows is essential for both attacking and defending systems.

Go deeper:

From Quiz: REVE1 / Overview of Computer Systems | Updated: Jul 07, 2026