Browse Definitions :
Definition

stack overflow

What is stack overflow?

A stack overflow is a type of buffer overflow error that occurs when a computer program tries to use more memory space in the call stack than has been allocated to that stack. The call stack, also referred to as the stack segment, is a fixed-sized buffer that stores local function variables and return address data during program execution.

The call stack adheres to a last-in, first-out (LIFO) memory architecture. Each function gets its own stack frame for storing variable and address data. When a function is called, the function's stack frame is added to the top of the call stack. The stack frame will remain in memory until the function is finished executing. The stack frame is then dropped from the stack, freeing up memory for other stack frames.

The size of a call stack is usually defined at the start of a program. Its size depends on multiple factors, such as the architecture of the host computer, the programming language being used and the amount of available memory in the system. If a program demands more memory than is available in the call stack, a stack overflow occurs, which can cause the program -- or even the entire computer -- to crash.

What causes stack overflow?

One of the most common causes of a stack overflow is the recursive function, a type of function that repeatedly calls itself in an attempt to carry out specific logic. Each time the function calls itself, it uses up more of the stack memory. If the function runs too many times, it can eat up all the available memory, resulting in a stack overflow.

Stack overflow errors can also occur if too much data is assigned to the variables in the stack frame. Array variables are particularly susceptible to stack overflow errors, especially if no logic has been implemented to prevent excess data from being written to the array.

stack buffer overflow attack
Exploiting buffer overflows lets attackers control or crash a process or modify its internal variables.

What happens during a stack overflow?

When a stack overflow occurs, the excess data can corrupt other variables and address data, effectively changing variable values and overwriting return addresses. In some cases, this will cause the program to crash. At other times, the program will continue to run, making it more difficult to troubleshoot the problem once the error is discovered. The longer the program runs, the harder this becomes.

A program susceptible to stack overflows can expose security vulnerabilities that hackers can exploit. By overwriting the call stack, they can insert their own executable code, which could have a significant impact on how the program works or how it is accessed. For example, a hacker might be able to use a stack overflow vulnerability to alter a password or delete a configuration file.

What is a heap overflow?

Another type of buffer overflow error is the heap overflow. Unlike the call stack, the heap (or heap segment) is a memory space that's allocated dynamically and that stores global variables. The heap is just as susceptible to buffer overflow errors as the call stack, even if the memory is allocated dynamically. With heaps, program developers are responsible for deallocating memory. If they fail to do this properly, heap overflow can occur, resulting in critical data being overwritten. Heap overflow can also occur when the stored variables contain more data than the amount of allocated memory.

See also: memory allocation, memory management, swap file

This was last updated in July 2022

Continue Reading About stack overflow

Networking
  • voice over LTE (VoLTE)

    Voice over LTE (VoLTE) is a digital packet technology that uses 4G LTE networks to route voice traffic and transmit data.

  • ONOS (Open Network Operating System)

    Open Network Operating System (ONOS) is an OS designed to help network service providers build carrier-grade software-defined ...

  • telematics

    Telematics is a term that combines the words telecommunications and informatics to describe the use of communications and IT to ...

Security
  • three-factor authentication (3FA)

    Three-factor authentication (3FA) is the use of identity-confirming credentials from three separate categories of authentication ...

  • cyber espionage

    Cyber espionage (cyberespionage) is a type of cyber attack that malicious hackers carry out against a business or government ...

  • role-based access control (RBAC)

    Role-based access control (RBAC) is a method of restricting network access based on the roles of individual users within an ...

CIO
  • project charter

    A project charter is a formal short document that states a project exists and provides project managers with written authority to...

  • leadership

    Leadership is the ability of an individual or a group of people to influence and guide followers or members of an organization, ...

  • transaction

    In computing, a transaction is a set of related tasks treated as a single action.

HRSoftware
  • employee engagement

    Employee engagement is the emotional and professional connection an employee feels toward their organization, colleagues and work.

  • talent pool

    A talent pool is a database of job candidates who have the potential to meet an organization's immediate and long-term needs.

  • diversity, equity and inclusion (DEI)

    Diversity, equity and inclusion is a term used to describe policies and programs that promote the representation and ...

Customer Experience
  • sales development representative (SDR)

    A sales development representative (SDR) is an individual who focuses on prospecting, moving and qualifying leads through the ...

  • service level indicator

    A service level indicator (SLI) is a metric that indicates what measure of performance a customer is receiving at a given time.

  • customer data platform (CDP)

    A customer data platform (CDP) is a type of software application that provides a unified platform of customer information that ...

Close