ANSWERS: 3
-
WHAT?
-
Catastrophic failure can occur only if you are using large collection of array to store data in system memory. You can use file handling to store large data in C++ instad of large arrays to avoid memory failures Programmer should take care of exceeding the limits of system memory overrun as well as array limits.
-
Can over running of array lead to the catastrophic failures? Yes, these are called buffer overruns and they can result in serious exploits in your code. Say, for example, you code accepts input of an arbitrary length but stores it in a fixed size buffer, given a correctly crafted input an attacker could over-write the stack thus modifying the return address of the function currently being executed. The result of this is that the attacker could make the function return to and execute code at any address they like. This coud be used to, for example, execute a system function to start a new process that gives the attacker access to your box by backdoor means. This would be especially true if the process running your program was executing with 'elevated privileges' -- e.g. as an administrator. >> If ‘Yes’ then why does not C++ provide bound checking on array operations Put simply, efficiency. The Standards council decided it would be too much of an overhead to implement this as it's not always necessary. For example, it may be the code using a fixed size buffer does not take any external input and is guarenteed not to overrun the buffer, in this case the overhead of the checks are not justified. >> who is responsible to prevent array overruns? Um, you (the progrmamer) :)
Copyright 2023, Wired Ivy, LLC