Is reading into uninitialized memory space ALWAYS ill advised?

Question

I am recreating the entire standard C library and I'm working on an implementation for strlen that I would like to be the basis of all my other str functions.

My current implementation is as follows:

int ft_strlen(char const *str)
{
    int length;

    length = 0;
    while (str[length] != '\0' || str[length + 1] == '\0')
        length++;

    return length;
}

My question is that when I pass a str like:

char str[6] = "hi!";

As expected, the memory reads:

['h']['i']['!']['\0']['\0']['\0']['\0']

If you look at my implementation, you can expect that I would get a return of 6 - as opposed to 3 (my previous approach) so that I can check strlen potentially including extra allocated memory.

The catch here is that I will have to read outside of initialized memory by 1 byte to fail my last loop condition at final null terminator - which is the behavior I WANT. However this is generally considered bad practice and by some an automatic error.

Is reading outside of your initialized value a bad idea even when you are very specifically intending to read into a junk value (to ensure it DOES NOT contain '\0')?

If so, why?

I understand:

"buffer overruns are a favorite avenue for attacking secure programs"

Still, I can't see the problem if I'm simply trying to ensure I've hit the end of initialized values...

Also, I realize this problem can be avoided - I have already sidestepped with a value set to 1 and then only reading initialized values - that's not the point, this is more of a fundamental question about C, runtime behavior and best practices ;)

In response to comments on the previous post:

OK. Fair enough - but as to the question "Is it always a bad idea (danger from intentional manipulation or runtime stability) to read after initialized values" - do you have an answer? Please read the accepted answer for an example of the nature of the question. I really don't need this code fixed, nor do I need a better understanding of data types, POSIX specs or common standards. My question is related to WHY such standards may exist - why it may be important to never read past initialized memory (if such reasons exist)? What is the potential fallout of reading past initialized values IN GENERAL?

Please all - I'm trying to better understand aspects of how systems operate and I have a VERY SPECIFIC question.

Recommended answer

Reading uninitialized memory can return data previously stored there. If your program processes sensitive data (such as passwords or cryptographic keys) and you disclose the uninitialized data to some party (expecting that it is valid), you might reveal confidential information.

Furthermore, if you read beyond the end of an array, the memory might not be mapped, and you will get a segmentation fault and a crash.

The compiler can also assume that your code is correct and will not read uninitialized memory, and make optimization decisions based on that, so even reading uninitialized memory can have arbitrary side effects.
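
The disclosure risk named first in the answer, as an added example that is not part of the original answer: a reused static buffer stands in for recycled memory, and every name in it (scratch, put_msg, reply_leaky, reply_safe, discloses) and the secret are constructed for illustration. The leaky reply overwrites only the start of the buffer and sends all of it; the hardened one wipes the buffer and sends only the bytes it wrote.

```c
#include <stdio.h>
#include <string.h>
#define SCRATCH_SIZE 32
static char scratch[SCRATCH_SIZE]; /* stands in for recycled memory */

/* Copy msg into scratch without touching bytes past its terminator. */
static size_t put_msg(const char *msg)
{
    size_t n = strlen(msg);
    if (n >= SCRATCH_SIZE) n = SCRATCH_SIZE - 1;
    memcpy(scratch, msg, n);
    scratch[n] = '\0';
    return n;
}

/* Leaky: only the start is overwritten, yet the whole buffer is sent. */
size_t reply_leaky(const char *msg, char *out)
{
    put_msg(msg);
    memcpy(out, scratch, SCRATCH_SIZE);   /* stale tail goes out too */
    return SCRATCH_SIZE;
}

/* Hardened: wipe first, then send only the bytes actually written. */
size_t reply_safe(const char *msg, char *out)
{
    memset(scratch, 0, sizeof scratch);
    size_t n = put_msg(msg);
    memcpy(out, scratch, n);
    return n;
}

/* Returns 1 if the reply bytes contain the constructed secret. */
int discloses(int use_safe)
{
    const char *secret = "hunter2-constructed";
    size_t m = strlen(secret);
    char out[SCRATCH_SIZE] = {0};
    snprintf(scratch, sizeof scratch, "pw=%s", secret); /* earlier request */
    size_t n = use_safe ? reply_safe("ok", out) : reply_leaky("ok", out);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(out + i, secret, m) == 0) return 1;
    return 0;
}

int main(void)
{
    printf("leaky: %d, safe: %d\n", discloses(0), discloses(1));
    return 0;
}
```

Because the buffer here is a fully initialized static array, this program is well defined. Reading a genuinely uninitialized object is not, which is the compiler point made in the answer.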
