Defining pointer to static string


Problem description

In here it's said that for a global variable the following form:

(1) const char *a = "...";

is less good than:

(2) const char a[] = "...";

Why? I always thought that (1) is better, since (2) actually replicates the string we assign it, while (1) only points to it.

Recommended answer

The argument at the livejournal link is that (1) introduces an unnecessary level of indirection by creating a separate pointer variable and a security hole in that the pointer variable may be overwritten. Assume the following two declarations:

char  *p = "This is a test";
char s[] = "This is a test";

Assume these declarations are at file scope, so that both p and s have static extent.

Here's a hypothetical memory map showing how everything is laid out:

 
                    0x00  0x01  0x02  0x03
        0x00008000: 'T'   'h'   'i'   's'
        0x00008004: ' '   'i'   's'   ' '
        0x00008008: 'a'   ' '   't'   'e'
        0x0000800C: 's'   't'    0    ...
        ...
     p: 0x00010000: 0x00  0x00  0x80  0x00
     s: 0x00010004: 'T'   'h'   'i'   's'
        0x00010008: ' '   'i'   's'   ' '
        0x0001000C: 'a'   ' '   't'   'e'
        0x00010010: 's'   't'    0    ...

The arguments presented at the link are as follows:


  1. An additional variable -- p is a distinct object from the string to which it refers; it doesn't contain a string value on its own, whereas s does;
  2. More attack points, the variable is writable -- it's possible to reassign p to point somewhere else (perhaps to a segment containing malicious code), whereas you cannot reassign s.
  3. An additional relocation -- not sure what this is referring to (for the kind of work I do I've never really had to worry about performance at the machine level, so I'm not familiar with all the terminology);
  4. Getting the string address requires a memory load and accessing the string itself requires two memory loads -- if you're reading the string through p, first you have to load the contents of 0x00010000 to get the string address (0x00008000), then you have to load the contents of 0x00008000 to get the string value itself. If you're doing that a lot, then using a char array and cutting out one level of indirection may result in a noticeable performance boost.

In summary, you trade a little memory for improved speed and security. Of course, this assumes a particular operating environment, and may not apply universally.
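
The points about the separate, writable pointer object can be checked directly. The following is an added example, not part of the original answer; `p` and `s` follow the declarations above (with `const` added as in the question), while `q` and the helper function names are hypothetical, and the replacement string is constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Form (1): a pointer object in writable data that refers to the literal. */
const char *p = "This is a test";
/* Form (2): the characters themselves; no separate pointer object exists. */
const char s[] = "This is a test";
/* Form (1) hardened: the pointer object is const too, so it can be placed
 * in read-only data. */
const char *const q = "This is a test";

/* 1 if p occupies storage distinct from the characters it points at. */
int pointer_is_separate_object(void) {
    return (const void *)&p != (const void *)p;
}

/* 1 if the array's own address is the address of its first character. */
int array_is_the_string(void) {
    return (const void *)&s == (const void *)s;
}

/* Bytes of storage named by s: 14 characters plus the terminating NUL. */
size_t array_bytes(void) { return sizeof s; }

/* Reassigns p, as any code that can see the global may, and returns what
 * later readers of p observe. The same assignment with s or q on the
 * left-hand side is rejected by the compiler. p is restored afterwards. */
const char *read_after_redirect(const char *other) {
    const char *saved = p;
    p = other;
    const char *seen = p;
    p = saved;
    return seen;
}

int main(void) {
    printf("p is a separate object: %d\n", pointer_is_separate_object());
    printf("&s equals s:            %d\n", array_is_the_string());
    printf("sizeof p = %zu, sizeof s = %zu\n", sizeof p, array_bytes());
    printf("p after redirect:       %s\n",
           read_after_redirect("constructed other string"));
    printf("p restored:             %s\n", p);
    return 0;
}
```

Declaring the pointer as `const char *const` keeps form (1) but removes the writable pointer slot; the extra load through the pointer remains.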
