Delta Pointers: Buffer Overflow Checks Without the Checks

Taddeus Kroes, Koen Koning, Erik van der Kouwe, Herbert Bos, Cristiano Giuffrida

Research output: Chapter in Book / Report / Conference proceeding, Conference contribution, Academic, peer-review



Despite decades of research, buffer overflows still rank among the most dangerous vulnerabilities in unsafe languages such as C and C++. Compared to other memory corruption vulnerabilities, buffer overflows are both common and typically easy to exploit. Yet, they have proven so challenging to detect in real-world programs that existing solutions either yield very poor performance, or introduce incompatibilities with the C/C++ language standard. We present Delta Pointers, a new solution for buffer overflow detection based on efficient pointer tagging. By carefully altering the pointer representation, without violating language specifications, Delta Pointers use existing hardware features to detect both contiguous and non-contiguous overflows on dereferences, without a single check incurring extra branch or memory access operations. By focusing on buffer overflows rather than other vulnerabilities (e.g., underflows), Delta Pointers offer a unique checkless design to provide high performance while still maintaining compatibility. We show that Delta Pointers are effective in detecting arbitrary buffer overflows and, at 35% overhead on SPEC, offer much better performance than competing solutions.

Original language: English
Title of host publication: EuroSys 2018
Subtitle of host publication: Proceedings of the 13th EuroSys Conference
Publisher: Association for Computing Machinery, Inc
Number of pages: 14
ISBN (Electronic): 9781450355841
ISBN (Print): 9781450355841
Publication status: Published - Apr 2018
Event: 13th EuroSys Conference, EuroSys 2018 - Porto, Portugal
Duration: 23 Apr 2018 to 26 Apr 2018

Conference: 13th EuroSys Conference, EuroSys 2018


  • Bounds Checking
  • LLVM
  • Memory Safety
  • Pointer Tagging

