Lab 01 — Memory Corruption

Buffer Overflow

Category: Memory Corruption · Difficulty: Intro · 100 pts · ~10 min

What is a buffer overflow?

A buffer overflow happens when a program writes more data into a fixed-size block of memory — a buffer — than that block was allocated to hold. The extra bytes don't vanish: they spill into adjacent memory, overwriting whatever lived next door.

Depending on what sits beside the buffer, that overwrite can corrupt data, change the program's behavior, or hand an attacker control of execution. It's one of the oldest and most studied vulnerability classes in security.

Think of the buffer as a cup sized for a fixed amount of water. Pour in more than it holds and the rest spills across the counter — onto things you never meant to touch.

Where it comes from

Classic cases use functions that copy input without checking length against the destination size. The write keeps going past the end of the array:

#include <string.h>

// attacker_input: untrusted data of arbitrary length
void login(const char *attacker_input)
{
    // 10 bytes reserved on the stack
    char username[10];

    // no length check — input longer than 10
    // writes straight past the buffer's end
    strcpy(username, attacker_input);
}

The fix is bounds checking: refuse to write more than the buffer can hold, or use length-aware APIs. In the lab on the right, the buffer is char[10] — try to keep your write inside it.
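The bounds-checked form of that copy, as an added example that is not the lab's own code: `struct frame` is a constructed stand-in for the lab's layout (a `char[10]` username beside "adjacent memory" filled with a marker), `copy_checked` replaces the `strcpy` from the snippet above and refuses any input that would not fit with its terminator, and `bytes_past_end` mirrors the monitor's "bytes written / capacity" arithmetic. The names, the marker string and the sample usernames are all assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed model of the lab layout: a 10-byte username buffer followed by
   a neighbouring field that a correct copy must never touch. */
#define NAME_CAP 10

struct frame {
    char username[NAME_CAP];
    char adjacent[8];   /* stands in for whatever lives next to the buffer */
};

/* Fills the neighbour with a fixed marker so later checks can tell whether
   anything spilled into it. "CANARY!" is 7 characters plus its NUL = 8 bytes. */
static void init_frame(struct frame *f)
{
    memset(f->username, 0, sizeof f->username);
    memcpy(f->adjacent, "CANARY!", 8);
}

/* Hardened replacement for strcpy(username, attacker_input):
   the write is refused unless the whole string, terminator included, fits.
   Returns 0 on success and -1 when the input is rejected (nothing is written). */
static int copy_checked(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (dst_size == 0 || len >= dst_size) {
        return -1;                  /* would spill into adjacent memory */
    }
    memcpy(dst, src, len + 1);      /* len + 1 copies the NUL as well */
    return 0;
}

/* Mirror of the lab's counter: how many bytes of `input` (terminator included)
   would land beyond a buffer holding `capacity` bytes. 0 means it fits. */
static size_t bytes_past_end(size_t capacity, const char *input)
{
    size_t needed = strlen(input) + 1;
    return needed > capacity ? needed - capacity : 0;
}

/* True while the neighbouring field still holds its marker. */
static int adjacent_intact(const struct frame *f)
{
    return memcmp(f->adjacent, "CANARY!", 8) == 0;
}

int main(void)
{
    struct frame f;
    init_frame(&f);

    /* Constructed sample inputs: one that fits easily, one that fits exactly
       (9 characters + NUL = 10), one that would overflow by 8 bytes. */
    const char *inputs[] = { "alice", "bob_smith", "averylongusername" };

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = copy_checked(f.username, sizeof f.username, inputs[i]);
        printf("%-18s len=%2zu past_end=%zu -> %s, adjacent %s\n",
               inputs[i], strlen(inputs[i]),
               bytes_past_end(NAME_CAP, inputs[i]),
               rc == 0 ? "written" : "REJECTED",
               adjacent_intact(&f) ? "intact" : "CORRUPTED");
    }
    return 0;
}
```

Note the off-by-one that the `>=` comparison guards against: a 10-character name has ten bytes of text plus a terminator, so it does not fit in `char[10]` even though its `strlen` equals the capacity. Rejecting outright (rather than silently truncating) is the safer default for an identifier like a username, because a truncated value can collide with a different, legitimate account name.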

Memory monitor (live simulation)

A 10-byte buffer sits next to a region of adjacent memory. Type a username below — each character is written one cell at a time. Watch what happens once the write passes byte 10.

[Live display: stack region 0x7ffd1a08 to 0x7ffd1a1c (stack grows downward); allocated buffer char[10] at the left, adjacent memory from offset +0x0A; counters for bytes written (starts at 0) against capacity 10, status NOMINAL; input field limited to 20 characters.]

Disclaimer. This is a simplified, conceptual simulation for educational use. It models the idea of an overflow with a live length check — it is not a real, exploitable vulnerability and executes no unsafe memory operations.