Effective CISSP Questions

Which of the following programming constructs most likely suffers from the stack overflow attack?
A. Static variables
B. Local variables
C. Global variables
D. Dynamically allocated buffers

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Local variables.

Buffer Overflow

There are two types of buffer overflow attacks: stack overflow and heap overflow attack. Processes suffer from stack overflow attacks more frequently than heap overflow.

Memory Layout

Memory Layout of a Process

A program refers to the binary image (code and data) in the storage that needs to be loaded into memory by the operating system to be executed on the processor. A program loaded in the main memory is called a process, which has a structural memory layout.

The memory layout of a process has four primary segments or areas:

  • Text segment for executable code (the read-only machine or executable code)
  • Data segment for global and static variables and constants.
  • Heap for dynamically requested memory spaces or buffers.
  • Stack for local variables and return addresses to support function call operations.


Leave a Reply