Groups | Search | Server Info | Keyboard shortcuts | Login | Register
Groups > comp.lang.c > #393825
| From | Tim Rentsch <tr.17687@z991.linuxsc.com> |
|---|---|
| Newsgroups | comp.lang.c |
| Subject | Re: Memory protection between compilation units? |
| Date | 2025-06-12 06:05 -0700 |
| Organization | A noiseless patient Spider |
| Message-ID | <86wm9hp0u2.fsf@linuxsc.com> (permalink) |
| References | <20250611153239.6bc43323@mateusz> |
Mateusz Viste <mateusz@x.invalid> writes:
> This might not be a strictly C question, but it definitely concerns all
> C programmers.
>
> Earlier today, I fixed an out-of-bounds write bug. An obvious issue:
>
> static int *socks[0xffff];
>
> void update_my_socks(int *sock, int val) {
> socks[val & 0xffff] = sock;
> }
>
> While the presented issue is common knowledge for anyone familiar with
> C, *locating* the bug was challenging. The program did not crash at the
> moment of the out-of-bounds write but much later - somewhere entirely
> different, in a different object file that maintained a static pointer
> for tracking a position in a linked list. To my surprise, the pointer
> was randomly reset to NULL about once a week, causing a segfault.
> Tracing this back to an unrelated out-of-bounds write elsewhere in the
> code was tedious, to say the least.
>
> This raises a question: how can such corruptions be detected sooner?
> Protected mode prevents interference between programs but doesn?t
> safeguard a program from corrupting itself. Is there a way to enforce
> memory protection between module files of the same program? After all,
> static objects shouldn't be accessible outside their compilation unit.
>
> How would you approach this?
The code in question shows several classic error patterns. In no
particular order:
* buffer overflow
* off-by-one error
* hard-coded constants (rather than symbolic)
* bitwise operator with signed operand
* using & to effect what is really a modulo operation
* two of the above combine to impose a constraint on a
hard-coded value, and the constraint is never checked
Of course some of these, notably buffer overflow, are hard to find.
But some of them are easy. The hard-coded constants stand out like a
neon sign, especially because one is duplicated. Check for any
constant written in open code above the value of, say, 10. Once the
offending example is found, it can be rewritten, as for example
static int *socks[0xffff];
void update_my_socks(int *sock, int val) {
const unsigned N = sizeof socks / sizeof socks[0];
socks[val % N] = sock;
}
This revision doesn't fix the program but it does eliminate the bug.
(Presumably fixing the program will happen later.) Of course the
code should be further revised so that the temptation to use the
hard-coded value elsewhere is reduced, but this revision at least is
a step in the right direction.
Also, whenever a cockroach is seen, you can be sure there are other
cockroaches around. Each of the types of errors evidenced by the
original code (at least three of the list of six types) represent
bugs waiting to be found; go through the code and check for all
of them, at least for the ones that can be located easily. Add
these error classes to the list of potential problems checked
during code review.
I acknowledge that this response isn't exactly an answer to the
original question. It does illustrate though a kind of thinking
that can be useful when trying to track down hard-to-find bugs.
Back to comp.lang.c | Previous | Next — Previous in thread | Next in thread | Find similar
Memory protection between compilation units? Mateusz Viste <mateusz@x.invalid> - 2025-06-11 15:32 +0200
Re: Memory protection between compilation units? Josef Möllers <josef@invalid.invalid> - 2025-06-11 16:06 +0200
Re: Memory protection between compilation units? scott@slp53.sl.home (Scott Lurndal) - 2025-06-11 14:32 +0000
Re: Memory protection between compilation units? Michael S <already5chosen@yahoo.com> - 2025-06-12 20:01 +0300
Re: Memory protection between compilation units? Mateusz Viste <mateusz@x.invalid> - 2025-06-13 09:13 +0200
Re: Memory protection between compilation units? Richard Heathfield <rjh@cpax.org.uk> - 2025-06-12 19:15 +0100
Re: Memory protection between compilation units? Rosario19 <Ros@invalid.invalid> - 2025-06-16 18:14 +0200
Re: Memory protection between compilation units? Richard Heathfield <rjh@cpax.org.uk> - 2025-06-16 17:53 +0100
Re: Memory protection between compilation units? Lew Pitcher <lew.pitcher@digitalfreehold.ca> - 2025-06-11 14:30 +0000
Re: Memory protection between compilation units? David Brown <david.brown@hesbynett.no> - 2025-06-11 17:14 +0200
Re: Memory protection between compilation units? Mateusz Viste <mateusz@x.invalid> - 2025-06-12 14:31 +0200
Re: Memory protection between compilation units? David Brown <david.brown@hesbynett.no> - 2025-06-12 15:29 +0200
Re: Memory protection between compilation units? scott@slp53.sl.home (Scott Lurndal) - 2025-06-12 14:27 +0000
Re: Memory protection between compilation units? Opus <ifonly@youknew.org> - 2025-06-11 17:19 +0200
Re: Memory protection between compilation units? wij <wyniijj5@gmail.com> - 2025-06-11 23:38 +0800
Re: Memory protection between compilation units? Mateusz Viste <mateusz@x.invalid> - 2025-06-12 14:41 +0200
Re: Memory protection between compilation units? scott@slp53.sl.home (Scott Lurndal) - 2025-06-12 13:21 +0000
Re: Memory protection between compilation units? Kaz Kylheku <643-408-1753@kylheku.com> - 2025-06-11 15:36 +0000
Re: Memory protection between compilation units? Mateusz Viste <mateusz@x.invalid> - 2025-06-12 10:28 +0200
Re: Memory protection between compilation units? scott@slp53.sl.home (Scott Lurndal) - 2025-06-12 13:18 +0000
Re: Memory protection between compilation units? Kaz Kylheku <643-408-1753@kylheku.com> - 2025-06-12 18:59 +0000
Re: Memory protection between compilation units? Mateusz Viste <mateusz@x.invalid> - 2025-06-13 08:42 +0200
Re: Memory protection between compilation units? Kaz Kylheku <643-408-1753@kylheku.com> - 2025-06-13 16:17 +0000
Re: Memory protection between compilation units? pozz <pozzugno@gmail.com> - 2025-06-13 09:21 +0200
Re: Memory protection between compilation units? Mateusz Viste <mateusz@x.invalid> - 2025-06-13 14:14 +0200
Re: Memory protection between compilation units? Michael S <already5chosen@yahoo.com> - 2025-06-13 16:56 +0300
Re: Memory protection between compilation units? Richard Heathfield <rjh@cpax.org.uk> - 2025-06-13 15:43 +0100
Re: Memory protection between compilation units? Michael S <already5chosen@yahoo.com> - 2025-06-14 22:07 +0300
Re: Memory protection between compilation units? Kaz Kylheku <643-408-1753@kylheku.com> - 2025-06-13 17:14 +0000
Re: Memory protection between compilation units? Mateusz Viste <mateusz@not.gonna.tell> - 2025-06-14 21:37 +0000
Re: Memory protection between compilation units? antispam@fricas.org (Waldek Hebisch) - 2025-06-15 13:57 +0000
Re: Memory protection between compilation units? Mateusz Viste <mateusz@not.gonna.tell> - 2025-06-15 20:27 +0000
Re: Memory protection between compilation units? antispam@fricas.org (Waldek Hebisch) - 2025-06-15 23:50 +0000
Re: Memory protection between compilation units? Kaz Kylheku <643-408-1753@kylheku.com> - 2025-06-16 01:01 +0000
Re: Memory protection between compilation units? antispam@fricas.org (Waldek Hebisch) - 2025-06-16 10:00 +0000
Re: Memory protection between compilation units? James Kuyper <jameskuyper@alumni.caltech.edu> - 2025-06-16 06:12 -0400
Re: Memory protection between compilation units? Tim Rentsch <tr.17687@z991.linuxsc.com> - 2025-06-16 06:10 -0700
Re: Memory protection between compilation units? antispam@fricas.org (Waldek Hebisch) - 2025-06-16 16:47 +0000
Re: Memory protection between compilation units? Kaz Kylheku <643-408-1753@kylheku.com> - 2025-06-13 16:23 +0000
Re: Memory protection between compilation units? wij <wyniijj5@gmail.com> - 2025-06-14 02:10 +0800
Re: Memory protection between compilation units? Mikko <mikko.levanto@iki.fi> - 2025-06-12 11:40 +0300
Re: Memory protection between compilation units? Mateusz Viste <mateusz@x.invalid> - 2025-06-12 11:05 +0200
Re: Memory protection between compilation units? Tim Rentsch <tr.17687@z991.linuxsc.com> - 2025-06-12 06:05 -0700
Re: Memory protection between compilation units? Bonita Montero <Bonita.Montero@gmail.com> - 2025-06-13 08:03 +0200
Re: Memory protection between compilation units? wij <wyniijj5@gmail.com> - 2025-06-14 02:16 +0800
Re: Memory protection between compilation units? Bonita Montero <Bonita.Montero@gmail.com> - 2025-06-13 20:43 +0200
Re: Memory protection between compilation units? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2025-06-13 12:32 -0700
Re: Memory protection between compilation units? Tim Rentsch <tr.17687@z991.linuxsc.com> - 2025-06-13 15:48 -0700
Re: Memory protection between compilation units? Mateusz Viste <mateusz@x.invalid> - 2025-06-13 08:59 +0200
Re: Memory protection between compilation units? Tim Rentsch <tr.17687@z991.linuxsc.com> - 2025-06-13 16:31 -0700
Re: Memory protection between compilation units? Mateusz Viste <mateusz@not.gonna.tell> - 2025-06-14 22:22 +0000
Re: Memory protection between compilation units? Tim Rentsch <tr.17687@z991.linuxsc.com> - 2025-07-01 09:54 -0700
Re: Memory protection between compilation units? Bonita Montero <Bonita.Montero@gmail.com> - 2025-06-13 08:00 +0200
Re: Memory protection between compilation units? Mateusz Viste <mateusz@x.invalid> - 2025-06-13 08:47 +0200
Re: Memory protection between compilation units? Kaz Kylheku <643-408-1753@kylheku.com> - 2025-06-13 16:19 +0000
Re: Memory protection between compilation units? Louis Krupp <lkrupp@invalid.pssw.com.invalid> - 2025-06-16 06:29 -0600
Re: Memory protection between compilation units? Mateusz Viste <mateusz@x.invalid> - 2025-06-16 15:01 +0200
Re: Memory protection between compilation units? olcott <polcott333@gmail.com> - 2025-06-21 15:49 -0500
csiph-web