How dangerous is it to access an array out of bounds?

Question

How dangerous is accessing an array outside of its bounds (in C)? It can sometimes happen that I read from outside the array (I now understand I then access memory used by some other parts of my program or even beyond that) or I am trying to set a value to an index outside of the array. The program sometimes crashes, but sometimes just runs, only giving unexpected results.

Now what I would like to know is, how dangerous is this really? If it damages my program, it is not so bad. If on the other hand it breaks something outside my program, because I somehow managed to access some totally unrelated memory, then it is very bad, I imagine. I read a lot of 'anything can happen', 'segmentation might be the least bad problem', 'your hard disk might turn pink and unicorns might be singing under your window', which is all nice, but what is really the danger?

My questions:

  1. Can reading values from way outside the array damage anything apart from my program? I would imagine just looking at things does not change anything, or would it for instance change the 'last time opened' attribute of a file I happened to reach?
  2. Can setting values way out outside of the array damage anything apart from my program? From this Stack Overflow question I gather that it is possible to access any memory location, that there is no safety guarantee.
  3. I now run my small programs from within XCode. Does that provide some extra protection around my program where it cannot reach outside its own memory? Can it harm XCode?
  4. Any recommendations on how to run my inherently buggy code safely?

I use OSX 10.7, Xcode 4.6.

Recommended answer

As far as the ISO C standard (the official definition of the language) is concerned, accessing an array outside its bounds has "undefined behavior". The literal meaning of this is:

behavior, upon use of a nonportable or erroneous program construct or of erroneous data, for which this International Standard imposes no requirements

A non-normative note expands on this:

Possible undefined behavior ranges from ignoring the situation completely with unpredictable results, to behaving during translation or program execution in a documented manner characteristic of the environment (with or without the issuance of a diagnostic message), to terminating a translation or execution (with the issuance of a diagnostic message).

So that's the theory. What's the reality?

In the "best" case, you'll access some piece of memory that's either owned by your currently running program (which might cause your program to misbehave), or that's not owned by your currently running program (which will probably cause your program to crash with something like a segmentation fault). Or you might attempt to write to memory that your program owns, but that's marked read-only; this will probably also cause your program to crash.

That's assuming your program is running under an operating system that attempts to protect concurrently running processes from each other. If your code is running on the "bare metal", say if it's part of an OS kernel or an embedded system, then there is no such protection; your misbehaving code is what was supposed to provide that protection. In that case, the possibilities for damage are considerably greater, including, in some cases, physical damage to the hardware (or to things or people nearby).

Even in a protected OS environment, the protections aren't always 100%. There are operating system bugs that permit unprivileged programs to obtain root (administrative) access, for example. Even with ordinary user privileges, a malfunctioning program can consume excessive resources (CPU, memory, disk), possibly bringing down the entire system. A lot of malware (viruses, etc.) exploits buffer overruns to gain unauthorized access to the system.

(One historical example: I've heard that on some old systems with core memory, repeatedly accessing a single memory location in a tight loop could literally cause that chunk of memory to melt. Other possibilities include destroying a CRT display, and moving the read/write head of a disk drive with the harmonic frequency of the drive cabinet, causing it to walk across a table and fall onto the floor.)

And there's always Skynet to worry about.

The bottom line is this: if you could write a program to do something bad deliberately, it's at least theoretically possible that a buggy program could do the same thing accidentally.

In practice, it's very unlikely that your buggy program running on a MacOS X system is going to do anything more serious than crash. But it's not possible to completely prevent buggy code from doing really bad things.
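The "memory owned by your currently running program" case described in the answer, as an added example that is not part of the original question or answer: an unchecked index silently overwrites neighbouring state with no crash, while a bounds-checked store rejects it. The arena layout, the canary value and all function names are hypothetical; the model keeps every access inside one buffer so the program itself stays defined C.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: one 16-byte arena the program owns. Bytes 0..7 are the
 * logical "array"; bytes 8..15 are unrelated neighbouring state (a canary). */
enum { ARRAY_LEN = 8, ARENA_LEN = 16, CANARY = 0xA5 };

struct arena { unsigned char bytes[ARENA_LEN]; };

void arena_init(struct arena *a) {
    memset(a->bytes, 0, ARRAY_LEN);
    memset(a->bytes + ARRAY_LEN, CANARY, ARENA_LEN - ARRAY_LEN);
}

/* Returns 1 while the neighbouring state still holds its canary pattern. */
int neighbor_intact(const struct arena *a) {
    for (size_t i = ARRAY_LEN; i < ARENA_LEN; i++)
        if (a->bytes[i] != CANARY) return 0;
    return 1;
}

/* Models the unchecked access: the index is never compared with ARRAY_LEN.
 * It is limited to the arena only so that this demo stays defined C. */
int unchecked_store(struct arena *a, size_t idx, unsigned char v) {
    if (idx >= ARENA_LEN) return -1;
    a->bytes[idx] = v;
    return 0;
}

/* Hardened form: rejects any index outside the logical array. */
int checked_store(struct arena *a, size_t idx, unsigned char v) {
    if (idx >= ARRAY_LEN) return -1;
    a->bytes[idx] = v;
    return 0;
}

int main(void) {
    struct arena a;
    arena_init(&a);
    int rc = checked_store(&a, 9, 0x41);
    printf("checked:   rc=%d neighbour intact=%d\n", rc, neighbor_intact(&a));
    rc = unchecked_store(&a, 9, 0x41);
    printf("unchecked: rc=%d neighbour intact=%d\n", rc, neighbor_intact(&a));
    return 0;
}
```

For real out-of-bounds accesses, which this model deliberately avoids, compiling with Clang's or GCC's `-fsanitize=address` reports the faulting access at run time.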
