Pointer past end of buffer


Problem description


A lot of C++ code allocates a buffer and initializes
start and end pointers as follows:

+-------------------------------+
+                               +
+-------------------------------+
^                               ^
|                               |
pStart                          pEnd

setting pEnd = pStart + bufLen

But what if the buffer is allocated at the very end of memory
and just fits. Then pEnd == MEM_MAX + 1 == 0 and so
library users could tamper with code by creating a buffer
of suitable size. Can this happen in practice?

JG

Solution

* John Goche:

> A lot of C++ code allocates a buffer and initializes
> start and end pointers as follows:
>
> +-------------------------------+
> +                               +
> +-------------------------------+
> ^                               ^
> |                               |
> pStart                          pEnd
>
> setting pEnd = pStart + bufLen
>
> But what if the buffer is allocated at the very end of memory
> and just fits. Then pEnd == MEM_MAX + 1 == 0 and so
> library users could tamper with code by creating a buffer
> of suitable size. Can this happen in practice?

The wrapping can not be a /problem/ with a conforming compiler.

And in practice such wrapping will not (be allowed to) happen.

But theoretically a compiler could allow that and make you unaware that
it happens unless you do low-level machine-specific things to inspect
the bit patterns of pointers.

--
A: Because it messes up the order in which people normally read text.
Q: Why is it such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?


John Goche wrote:

> A lot of C++ code allocates a buffer and initializes
> start and end pointers as follows:
>
> +-------------------------------+
> +                               +
> +-------------------------------+
> ^                               ^
> |                               |
> pStart                          pEnd
>
> setting pEnd = pStart + bufLen
>
> But what if the buffer is allocated at the very end of memory
> and just fits. Then pEnd == MEM_MAX + 1 == 0 and so
> library users could tamper with code by creating a buffer
> of suitable size. Can this happen in practice?

The C++ Standard reputedly declares that pointing and indexing
one-off-the-end of an array is well-defined. (Copying out the value of that
bogus element is undefined, except if the element is a char, where it's
simply garbage.)

That means a C++ implementation may not, for example, place any array right
at the end of memory, such that its one-off-the-end location occupies an
overflowed pointer value, or a storage location protected by hardware.

This rule permits all the idioms you have noted, including all of STL's
"asymmetric extents". The "start" of anything must be a valid element, and
the "end" must use -- to get to a valid element.

After you become familiar with this effect, it becomes vaguely elegant. But
also extremely useful!

--
Phlip
http://www.greencheese.us/ZeekLand <-- NOT a blog!!!
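
Added example, not part of the original thread or any poster's code: a parser over the half-open range [pStart, pEnd) that forms pEnd = pStart + bufLen as described above and bounds-checks by comparing lengths, so no pointer beyond one-past-the-end is ever computed. ByteRange, fits, countRecords and the length-prefixed record format are assumptions made for the demonstration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// View over the half-open range [pStart, pEnd). pEnd is one past the last
// byte: it may be formed and compared, but never dereferenced.
struct ByteRange {
    const unsigned char* pStart;
    const unsigned char* pEnd;
    ByteRange(const unsigned char* buf, std::size_t bufLen)
        : pStart(buf), pEnd(buf + bufLen) {}   // well-defined for a valid array
};

// True if n more bytes are available at p. Compares lengths; it never forms
// p + n, which is undefined (and may wrap in practice) when n is too large.
bool fits(const unsigned char* p, const unsigned char* pEnd, std::size_t n) {
    return n <= static_cast<std::size_t>(pEnd - p);
}

// Hypothetical record format for the demo: [1-byte length][payload]...
// Returns the number of complete records, or -1 if one runs past pEnd.
int countRecords(ByteRange r) {
    int n = 0;
    const unsigned char* p = r.pStart;
    while (p != r.pEnd) {                  // p == pEnd means "done"
        std::size_t len = *p++;            // safe: p < pEnd before the read
        if (!fits(p, r.pEnd, len)) return -1;
        p += len;                          // lands at most on pEnd
        ++n;
    }
    return n;
}

int main() {
    // Constructed sample inputs.
    const unsigned char good[] = {2, 'h', 'i', 0, 3, 'a', 'b', 'c'};
    const unsigned char bad[]  = {2, 'h', 'i', 200, 'x'};  // claims 200, has 1
    std::printf("good:  %d\n", countRecords(ByteRange(good, sizeof good)));
    std::printf("bad:   %d\n", countRecords(ByteRange(bad, sizeof bad)));
    std::printf("empty: %d\n", countRecords(ByteRange(good, 0)));
    return 0;
}
```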


Alf P. Steinbach wrote:

> * John Goche:
>
>> But what if the buffer is allocated at the very end of memory
>> and just fits. Then pEnd == MEM_MAX + 1 == 0 and so
>> library users could tamper with code by creating a buffer
>> of suitable size. Can this happen in practice?
>
> The wrapping can not be a /problem/ with a conforming compiler.

Is there something in the C++ standard that states this?

Thanks,

JG

