I can use more memory than how much I've allocated with malloc(), why?

Views: 27

Problem description

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
char *cp = (char *) malloc(1);
strcpy(cp, "123456789");   /* writes 10 bytes into a 1-byte allocation: undefined behaviour */
puts(cp);

The output is "123456789" on both gcc (Linux) and Visual C++ Express. Does that mean that when there is free memory, I can actually use more than what I've allocated with malloc()?

And why doesn't malloc(0) cause a runtime error?

Thanks.

Recommended answer

You've asked a very good question and maybe this will whet your appetite about operating systems. Already you know you've managed to achieve something with this code that you wouldn't ordinarily expect to do. So you would never do this in code you want to make portable.

To be more specific, and this depends entirely on your operating system and CPU architecture, the operating system allocates "pages" of memory to your program - typically this can be in the order of 4 kilobytes. The operating system is the guardian of pages and will immediately terminate any program that attempts to access a page it has not been assigned.

malloc, on the other hand, is not an operating system function but a C library call. It can be implemented in many ways. It is likely that your call to malloc resulted in a page request from the operating system. Then malloc would have decided to give you a pointer to a single byte inside that page. When you wrote to the memory from the location you were given, you were just writing in a "page" that the operating system had granted your program, and thus the operating system will not see any wrongdoing.

The real problems, of course, will begin when you continue to call malloc to assign more memory. It will eventually return pointers to the locations you just wrote over. This is called a "buffer overflow" when you write to memory locations that are legal (from an operating system perspective) but could potentially be overwriting memory another part of the program will also be using.

If you continue to learn about this subject you'll begin to understand how programs can be exploited using such "buffer overflow" techniques - even to the point where you begin to write assembly language instructions directly into areas of memory that will be executed by another part of your program.

When you get to this stage you'll have gained much wisdom. But please be ethical and do not use it to wreak havoc in the universe!

PS: when I say "operating system" above I really mean "operating system in conjunction with privileged CPU access". The CPU and MMU (memory management unit) trigger particular interrupts or callbacks into the operating system if a process attempts to use a page that has not been allocated to that process. The operating system then cleanly shuts down your application and allows the system to continue functioning. In the old days, before memory management units and privileged CPU instructions, you could practically write anywhere in memory at any time - and then your system would be totally at the mercy of the consequences of that memory write!
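As an added example (not part of the original question or answer), here is the question's snippet with the allocation sized from the string instead of guessed, a bounded copy that refuses to overflow rather than relying on allocator slack, and a glibc-only probe that reports how many bytes malloc(1) really handed out; the names checked_copy, dup_string and usable_bytes_for are chosen here, and the glibc branch is an assumption about the platform.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef __GLIBC__
#include <malloc.h>
#endif

/* Bounded copy: succeeds (0) only if src plus its terminator fits in
   dst_cap bytes; otherwise leaves dst empty and returns -1. */
int checked_copy(char *dst, size_t dst_cap, const char *src)
{
    if (dst == NULL || dst_cap == 0)
        return -1;
    size_t need = strlen(src) + 1;          /* bytes including '\0' */
    if (need > dst_cap) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, need);
    return 0;
}

/* Corrected form of the question's snippet: the allocation is sized
   from the string, so strcpy's 10 bytes always fit. Caller frees. */
char *dup_string(const char *src)
{
    size_t need = strlen(src) + 1;
    char *cp = malloc(need);
    if (cp != NULL)
        memcpy(cp, src, need);
    return cp;
}

/* Bytes the allocator actually handed out for a request of n bytes.
   glibc exposes this via malloc_usable_size(); it is normally larger
   than n, and that slack is where the question's overflow landed.
   Returns 0 where the call is unavailable (assumption: glibc only). */
size_t usable_bytes_for(size_t n)
{
    size_t got = 0;
    void *p = malloc(n);
    if (p == NULL)
        return 0;
#ifdef __GLIBC__
    got = malloc_usable_size(p);
#endif
    free(p);
    return got;
}
```

Calling usable_bytes_for(1) on a glibc system shows that the request for one byte was rounded up to a full minimum chunk, which is why the original snippet's nine characters and terminator "worked" without touching a page the process does not own.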

