Re: [AD] Buffer security patch

[ Thread Index | Date Index | More lists.liballeg.org/allegro-developers Archives ]


Eric Botcazou wrote:

As Vincent pointed out to me in a private mail, it would be a good idea to
have all data buffers in allegro dynamically allocated instead of
statically allocated. moving buffers from stack to heap better protects
against buffer overflows beeing used in cracker attacks or just
accidentally throwing the instruction pointer of course due to overwritten
function return adresses.


Eh! This is a game programming library, not a virtual machine or a web server. C is not very good at dynamic memory management so let's try to keep the whole thing simple.


But then again you don't want to have an Allegro game server/client application that allows a player to both play and serve at the same time get root on the system ;).

But I do agree it would be a pretty wild event to have someone hack a networked Allegro game to get root on the system, mostly because of the popularity level of Allegro games and also because of the transient nature of any game server or client.

Jason Winnebeck
("Gillus")




Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/