Stack memory allocation and buffer overflow, x86 ISA32
So, I found out about buffer overflows as well as the procedure for saving memory on the stack and I was concerned / I don't understand some conventions. When saving local variables / arrays, why do we allocate memory from stack pointer to base pointer
(array [0] will be closer to the top of the stack, and array [1] to array [n-1] will be closer to the base pointer of your frame)
Why not the other way around? if array [n-1] was assigned to the stack pointer, there would be no threat to the stored registers / return addresses in the previous frame.
I read the wiki article and stacks that grow, but they assume the return address exists before the buffer is allocated, which means the buffer overwrites the return. But isn't it the other way around? Shouldn't the return address be pushed onto the stack only after local variables are declared?
source to share
The x86 architecture relied heavily on the Intel 8080, which had a similar stack architecture (one common call and data stack grows downward). This was seen as significant progress at the time, considering that the predecessor of the 8080, the 8008, had a call stack that was built into the CPU, and it was only seven layers deep.
Intel 8080 was released in 1974. Given that there wasn't a lot of stuff on the network (for example, Ethernet was just being developed), potential glass-splitting attacks were probably not a major concern. On the other hand, the flexibility and usability of the available RAM were.
It was much later that stack splitting became a major problem. For example, the first high quality walkthrough was published in 1996.
source to share
Historically, stack and heap have occupied the same memory space. The heap was allocated at the bottom and the stack was at the top. When you overflow ... you just overwrite another cosmic memory and soon crash.
Currently, I believe this is no longer the case, but the x86 instruction set for managing the stack remained such that it consumes memory from above.
But arrays are bottom-indexed. For this reason, it is array[0]
closer to the "top" of the stack (below), and array[n-1]
further away.
source to share