I can use more memory than how much I've allocated with malloc(), why?

Problem description

char *cp = (char *) malloc(1);
strcpy(cp, "123456789");
puts(cp);

The output is 123456789 in both gcc (Linux) and Visual C++ Express. Does that mean that when there is free memory, I can actually use more than what I've allocated with malloc()?

And why doesn't malloc(0) cause a runtime error?

Thanks.

Recommended answer

You've asked a very good question and maybe this will whet your appetite about operating systems. Already you know you've managed to achieve something with this code that you wouldn't ordinarily expect to do. So you would never do this in code you want to make portable.

To be more specific, and this depends entirely on your operating system and CPU architecture, the operating system allocates "pages" of memory to your program - typically this can be in the order of 4 kilobytes. The operating system is the guardian of pages and will immediately terminate any program that attempts to access a page it has not been assigned.

malloc, on the other hand, is not an operating system function but a C library call. It can be implemented in many ways. It is likely that your call to malloc resulted in a page request from the operating system. Then malloc would have decided to give you a pointer to a single byte inside that page. When you wrote to the memory from the location you were given, you were just writing in a "page" that the operating system had granted your program, and thus the operating system will not see any wrongdoing.

The real problems, of course, will begin when you continue to call malloc to assign more memory. It will eventually return pointers to the locations you just wrote over. This is called a "buffer overflow" when you write to memory locations that are legal (from an operating system perspective) but could potentially be overwriting memory another part of the program will also be using.

If you continue to learn about this subject you'll begin to understand how programs can be exploited using such "buffer overflow" techniques - even to the point where you begin to write assembly language instructions directly into areas of memory that will be executed by another part of your program.

When you get to this stage you'll have gained much wisdom. But please be ethical and do not use it to wreak havoc in the universe!

PS when I say "operating system" above I really mean "operating system in conjunction with privileged CPU access". The CPU and MMU (memory management unit) trigger particular interrupts or callbacks into the operating system if a process attempts to use a page that has not been allocated to that process. The operating system then cleanly shuts down your application and allows the system to continue functioning. In the old days, before memory management units and privileged CPU instructions, you could practically write anywhere in memory at any time - and then your system would be totally at the mercy of the consequences of that memory write!
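
The following is an added example, not code from the original question or answer: a bounds-checked version of the question's copy, plus a check of whether two small allocations share one page, which is why the operating system does not notice the overflow. The names `struct buf`, `buf_alloc`, `buf_copy` and `same_page` are hypothetical, and `sysconf(_SC_PAGESIZE)` assumes a POSIX system.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>   /* sysconf: POSIX assumption */

/* Hypothetical helper type: keeps the requested size next to the pointer,
   because malloc gives the caller no portable way to ask for it later. */
struct buf { char *data; size_t cap; };

/* Returns 0 on success, -1 if the allocation failed. */
int buf_alloc(struct buf *b, size_t cap) {
    b->data = malloc(cap ? cap : 1);  /* sidestep implementation-defined malloc(0) */
    b->cap = b->data ? cap : 0;
    return b->data ? 0 : -1;
}

/* Copies src including its terminating NUL, or refuses (-1) without writing. */
int buf_copy(struct buf *b, const char *src) {
    size_t need = strlen(src) + 1;
    if (need > b->cap) return -1;
    memcpy(b->data, src, need);
    return 0;
}

/* True when two addresses lie in the same page of the given size. */
int same_page(uintptr_t a, uintptr_t b, uintptr_t page) {
    return a / page == b / page;
}

int main(void) {
    struct buf one, ten;
    if (buf_alloc(&one, 1) || buf_alloc(&ten, 10)) return 1;
    printf("1-byte buffer:  copy %s\n",
           buf_copy(&one, "123456789") ? "refused" : "ok");
    printf("10-byte buffer: copy %s\n",
           buf_copy(&ten, "123456789") ? "refused" : "ok");
    long page = sysconf(_SC_PAGESIZE);
    printf("page size %ld, both blocks in one page: %s\n", page,
           same_page((uintptr_t)one.data, (uintptr_t)ten.data,
                     (uintptr_t)page) ? "yes" : "no");
    free(one.data);
    free(ten.data);
    return 0;
}
```

Whether the two blocks share a page depends on the allocator, so the last line of output is an observation about one run, not a guarantee.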
