
Back to Basics - dkarapetyan
https://www.joelonsoftware.com/2001/12/11/back-to-basics/
======
severine
(2001)

but still, great read...

 _Since we’re looking at the bits today I shouldn’t have ignored this. I
should have done this correctly: figured out how many bytes I needed and
allocated the right amount of memory._

 _Shouldn’t I have?_

 _Because otherwise, you see, a clever hacker will read my code and notice
that I’m only allocating 1000 bytes and hoping it will be enough, and they’ll
find some clever way to trick me into strcatting a 1100 byte string into my
1000 bytes of memory, thus overwriting the stack frame and changing the return
address so that when this function returns, it executes some code which the
hacker himself wrote. This is what they’re talking about when they say that a
particular program has a buffer overflow susceptibility. It was the number one
cause of hacks and worms in the olden days before Microsoft Outlook made
hacking easy enough for teenagers to do._

