Browse Definitions :
Definition

stack overflow

What is stack overflow?

A stack overflow is a type of buffer overflow error that occurs when a computer program tries to use more memory space in the call stack than has been allocated to that stack. The call stack, also referred to as the stack segment, is a fixed-sized buffer that stores local function variables and return address data during program execution.

The call stack adheres to a last-in, first-out (LIFO) memory architecture. Each function gets its own stack frame for storing variable and address data. When a function is called, the function's stack frame is added to the top of the call stack. The stack frame will remain in memory until the function is finished executing. The stack frame is then dropped from the stack, freeing up memory for other stack frames.

The size of a call stack is usually defined at the start of a program. Its size depends on multiple factors, such as the architecture of the host computer, the programming language being used and the amount of available memory in the system. If a program demands more memory than is available in the call stack, a stack overflow occurs, which can cause the program -- or even the entire computer -- to crash.

What causes stack overflow?

One of the most common causes of a stack overflow is the recursive function, a type of function that repeatedly calls itself in an attempt to carry out specific logic. Each time the function calls itself, it uses up more of the stack memory. If the function runs too many times, it can eat up all the available memory, resulting in a stack overflow.

Stack overflow errors can also occur if too much data is assigned to the variables in the stack frame. Array variables are particularly susceptible to stack overflow errors, especially if no logic has been implemented to prevent excess data from being written to the array.

stack buffer overflow attack
Exploiting buffer overflows lets attackers control or crash a process or modify its internal variables.

What happens during a stack overflow?

When a stack overflow occurs, the excess data can corrupt other variables and address data, effectively changing variable values and overwriting return addresses. In some cases, this will cause the program to crash. At other times, the program will continue to run, making it more difficult to troubleshoot the problem once the error is discovered. The longer the program runs, the harder this becomes.

A program susceptible to stack overflows can expose security vulnerabilities that hackers can exploit. By overwriting the call stack, they can insert their own executable code, which could have a significant impact on how the program works or how it is accessed. For example, a hacker might be able to use a stack overflow vulnerability to alter a password or delete a configuration file.

What is a heap overflow?

Another type of buffer overflow error is the heap overflow. Unlike the call stack, the heap (or heap segment) is a memory space that's allocated dynamically and that stores global variables. The heap is just as susceptible to buffer overflow errors as the call stack, even if the memory is allocated dynamically. With heaps, program developers are responsible for deallocating memory. If they fail to do this properly, heap overflow can occur, resulting in critical data being overwritten. Heap overflow can also occur when the stored variables contain more data than the amount of allocated memory.

See also: memory allocation, memory management, swap file

This was last updated in July 2022

Continue Reading About stack overflow

Networking
Security
  • DNS attack

    A DNS attack is an exploit in which an attacker takes advantage of vulnerabilities in the domain name system.

  • malware

    Malware, or malicious software, is any program or file that's intentionally harmful to a computer, network or server.

  • cloud security

    Cloud security, also known as 'cloud computing security,' is a set of policies, practices and controls deployed to protect ...

CIO
  • data collection

    Data collection is the process of gathering data for use in business decision-making, strategic planning, research and other ...

  • chief trust officer

    A chief trust officer (CTrO) in the IT industry is an executive job title given to the person responsible for building confidence...

  • green IT (green information technology)

    Green IT (green information technology) is the practice of creating and using environmentally sustainable computing resources.

HRSoftware
  • diversity, equity and inclusion (DEI)

    Diversity, equity and inclusion is a term used to describe policies and programs that promote the representation and ...

  • ADP Mobile Solutions

    ADP Mobile Solutions is a self-service mobile app that enables employees to access work records such as pay, schedules, timecards...

  • director of employee engagement

    Director of employee engagement is one of the job titles for a human resources (HR) manager who is responsible for an ...

Customer Experience
  • digital marketing

    Digital marketing is the promotion and marketing of goods and services to consumers through digital channels and electronic ...

  • contact center schedule adherence

    Contact center schedule adherence is a standard metric used in business contact centers to determine whether contact center ...

  • customer retention

    Customer retention is a metric that measures customer loyalty, or an organization's ability to retain customers over time.

Close