Understanding How Overflows WorkStack OverflowsInteger OverflowsHeap OverrunsOther AttacksTesting for Overruns: Where to Look for CasesNetworkDocuments and FilesInformation Shared Between Users with Higher and Lower PrivilegesProgrammable InterfacesBlack Box (Functional) TestingDetermining What Data Is ExpectedUsing Data You RecognizeKnowing the Limits and BoundsAsking or Reading the CodeTrying the Maximum Intended Allowable LengthsUsing Common LimitsSlowly Growing the InputUsing an Iterative ApproachMaintaining Overall Data IntegrityEncodings/Compression/EncryptionCompound DocumentsOffsets/SizesReferencesFixed-Width FieldsLimited Values (Enumerations)DependenciesDelimitersStrategies for Transforming Normal Data into OverrunsReplacing Null ValuesInserting vs. OverwritingAdjusting String LengthsRecognizing Data StructuresTesting Both Primary and Secondary ActionsPrioritizing Test CasesWhat to Look ForCrashesExceptionsMemory SpikesChanges in BehaviorRuntime ToolsBounds CheckerDebuggerGflags.exeFuzzingWhite Box TestingThings to Look ForData CopyingDuplicate Lengths or Size DataParsersIn-Place Expansion of DataANSI/OEM to and from UnicodeRelative Path ExpansionEncoding or DecodingFailing to Null TerminateFailing to Reset Freed PointersOverflow ExploitabilityUnicode DataFiltered DataAdditional TopicsNoncode Execution Overflows Can Be Serious, Too/GS Compiler SwitchTesting Whether the Binary Was Compiled Using /GS/GS Information Disclosure VulnerabilityTesting TipsSummary