What is the maximum size of buffers memcpy and other functions can handle? Is this implementation dependent? Is this restricted by the size(size_t) passed in as an argument?
Right, you cannot copy areas that are greater then 2^(sizeof(size_t)*8) bytes.
0-000. Using crafted input, an attacker can cause a call to $Extract to force an signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call that occurs on the stack, causing a buffer overflow.
memset() is used to set all the bytes in a block of memory to a particular char value. Memset also only plays well with char as it's its initialization value. memcpy() copies bytes between memory. This type of data being copied is irrelevant, it just makes byte-for-byte copies.
memcpy is usually naive - certainly not the slowest way to copy memory around, but usually quite easy to beat with some loop unrolling, and you can go even further with assembler.
This is entirely implementation dependent.
This depends on the hardware as much as anything, but also on the age of the compiler.  For anyone with a reasonably modern compiler (meaning anything based on a standard from the early 90's or later), the size argument is a size_t.  This can reasonably be the largest 16 bit unsigned, the largest 32 bit unsigned, or the largest 64 bit unsigned, depending on the memory model the compiler compiles to.  In this case, you just have to find out what size a size_t is in your implementation.  However, for very old compilers (that is, before ANSI-C and perhaps for some early versions of ANSI C), all bets are off.
On the standards side, looking at cygwin and Solaris 7, for example, the size argument is a size_t. Looking at an embedded system that I have available, the size argument is an unsigned (meaning 16-bit unsigned).  (The compiler for this embedded system was written in the 80's.)  I found a web reference to some ANSI C where the size parameter is an int.
You may want to see this article on size_t as well as the follow-up article about a mis-feature of some early GCC versions where size_t was erroneously signed.
In summary, for almost everyone, size_t will be the correct reference to use.  For those few using embedded systems or legacy systems with very old compilers, however, you need to check your man page.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With