Reverse Engineering/Heap Overflows

From Wikibooks, the open-content textbooks collection


Many programmers make the incorrect assumption that, because stack overflows are so easy to trigger and so dangerous, the heap is a safe alternative. Whether memory is allocated on the stack or on the heap makes little difference to security: if a buffer lives on the heap but the code that writes to it is sloppy, the resulting vulnerability can still be found and exploited.

Heaps are complicated memory structures in their own right, often implemented as binary trees or linked lists, or even other structures, depending on your operating system. Exploiting a heap overflow is therefore more difficult than exploiting a stack overflow, but a careful and determined attacker can usually find a way. The heap, like any other area of memory, is strictly defined in size and space, so it is essential that every write to heap memory is strictly checked for bounds errors and overflows.
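The sloppy pattern described above beside its bounds-checked form, as an added C example that is not part of the original page: the heap buffer records its own capacity so that every append can be checked against it (the `hbuf` type and its functions are constructed for illustration, not a real library API).

```c
#include <stdlib.h>
#include <string.h>

/* A heap buffer that records its own capacity, so each write can be
 * bounds-checked explicitly. Illustrative type, not a real API. */
typedef struct {
    size_t cap;   /* bytes allocated for data, including the NUL terminator */
    size_t len;   /* bytes of string currently stored, excluding the NUL */
    char  *data;  /* heap storage */
} hbuf;

hbuf *hbuf_new(size_t cap) {
    if (cap == 0) return NULL;
    hbuf *b = malloc(sizeof *b);
    if (b == NULL) return NULL;
    b->data = malloc(cap);
    if (b->data == NULL) { free(b); return NULL; }
    b->cap = cap;
    b->len = 0;
    b->data[0] = '\0';
    return b;
}

void hbuf_free(hbuf *b) {
    if (b == NULL) return;
    free(b->data);
    free(b);
}

/* Vulnerable pattern: the copy is bounded by the input, not by the
 * allocation. If src is longer than cap - len - 1 bytes this writes past
 * the end of the heap block into whatever follows it. */
void hbuf_append_unsafe(hbuf *b, const char *src) {
    strcat(b->data, src);          /* no bounds check against b->cap */
    b->len += strlen(src);
}

/* Hardened form: refuse, rather than truncate or overflow, when src does
 * not fit in the remaining capacity. Returns 0 on success, -1 if rejected. */
int hbuf_append_safe(hbuf *b, const char *src) {
    size_t n = strlen(src);
    if (n > b->cap - b->len - 1)   /* room for n bytes plus the NUL? */
        return -1;
    memcpy(b->data + b->len, src, n + 1);  /* n bytes plus terminator */
    b->len += n;
    return 0;
}
```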

Additional Problems

Because memory in the heap is not laid out linearly in the way the stack is, it becomes nearly impossible to use canaries or cookies to detect overflows.