MRC usage in Objective C

Is Manual Referencing Count in Objective C vulnerable to buffer overflow attacks?

Or are non-ARC applications vulnerable to buffer overflow attacks?

Replies

Objective-C is built on top of C and thus is fundamentally unsafe when it comes to memory management. ARC helps prevent one specific type of memory management problem — mismatched retains and releases — but it does not prevent them all, and that includes buffer overruns.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Automatic reference-counting garbage collection schemes and manual reference count schemes and fully manual memory management whether via alloca or malloc or otherwise—and C and Objective C buffer overflows and exploits—are all related, but are distinct concepts.

C will happily overwrite any memory that isn't otherwise write protected, when handed a rogue pointer.

Some links to more info and background:

https://developer.ibm.com/tutorials/l-memory/

https://stackoverflow.com/questions/6220212/buffer-overflow-in-c

https://www.tallan.com/blog/2019/03/07/exploring-buffer-overflows-in-c-part-one-theory/

https://www.tallan.com/blog/2019/04/04/exploring-buffer-overflows-in-c-part-two-the-exploit/

As this question reads like a homework question, I'm including some introductory material around memory management foibles and C exploits in the above links.
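To make the point in the replies concrete, here is an added example (not code from either poster) showing that an unchecked copy overruns a fixed-size field regardless of how object lifetimes are managed, next to a length-checked version. The record layout, field sizes and function names are assumptions made for illustration; the name field and the flag byte live in one array so the overrun stays inside memory the program owns.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: an 8-byte name field followed by one flag byte. */
enum { NAME_LEN = 8, FLAG_OFF = NAME_LEN, REC_LEN = NAME_LEN + 1 };

/* Unchecked copy: trusts the caller's length. Neither MRC nor ARC is
   involved here; retain/release only governs object lifetime. */
static void set_name_unchecked(unsigned char *rec, const char *src, size_t len) {
    memcpy(rec, src, len);               /* len > NAME_LEN reaches the flag */
}

/* Checked copy: rejects input that does not fit with its terminator. */
static int set_name_checked(unsigned char *rec, const char *src, size_t len) {
    if (src == NULL || len >= NAME_LEN) return -1;
    memcpy(rec, src, len);
    rec[len] = '\0';
    return 0;
}

/* Flag byte after a 9-byte input takes the unchecked path. */
int flag_after_unchecked(void) {
    unsigned char rec[REC_LEN] = {0};
    const char input[] = "AAAAAAAAA";    /* constructed: one byte too long */
    set_name_unchecked(rec, input, 9);
    return rec[FLAG_OFF];
}

/* Flag byte after the same input takes the checked path. */
int flag_after_checked(void) {
    unsigned char rec[REC_LEN] = {0};
    const char input[] = "AAAAAAAAA";
    (void)set_name_checked(rec, input, 9);   /* returns -1, rec untouched */
    return rec[FLAG_OFF];
}

/* The checked path still accepts input that fits: returns 0 on success. */
int checked_accepts_short(void) {
    unsigned char rec[REC_LEN] = {0};
    if (set_name_checked(rec, "quinn", 5) != 0) return -1;
    return strcmp((const char *)rec, "quinn");
}

int main(void) {
    printf("unchecked flag=%d checked flag=%d\n",
           flag_after_unchecked(), flag_after_checked());
    return 0;
}
```

The same functions compile unchanged into an Objective-C target with ARC on or off, which is why the memory-management mode does not affect this class of bug.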