is Manual Referencing Count in Objective C vulnerable to buffer overflow attacks ?
or is non ARC applications vulnerable to bufferOverflow attacks?
is Manual Referencing Count in Objective C vulnerable to buffer overflow attacks ?
or is non ARC applications vulnerable to bufferOverflow attacks?
Objective-C is built on top of C and thus is fundamentally unsafe when it comes to memory management. ARC helps prevent one specific type of memory management problem — mismatched retains and releases — but it does not prevent them all, and that includes buffer overruns.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Automatic reference-counting garbage collection schemes and manual reference count schemes and fully manual memory management whether via alloca or malloc or otherwise—and C and Objective C buffer overflows and exploits—are all related, but are distinct concepts.
C will happily overwrite any memory that isn't otherwise write protected, when handed a rogue pointer.
Some links to more info and background:
https://developer.ibm.com/tutorials/l-memory/
https://stackoverflow.com/questions/6220212/buffer-overflow-in-c
https://www.tallan.com/blog/2019/03/07/exploring-buffer-overflows-in-c-part-one-theory/
https://www.tallan.com/blog/2019/04/04/exploring-buffer-overflows-in-c-part-two-the-exploit/
As this question reads like a homework question, I'm including some introductory material around memory management foibles and C exploits in the above links.