Why is more memory assigned to a local variable on the stack than required in C++?


Question



I was reading about buffer overflows. I found one strange thing about the memory assignment of local variables on the stack:

int f1 ()
{
    char string1[12];   /* both arrays live in f1's stack frame */
    char string2[4];
    (void)string1;      /* reference them so the optimizer keeps the slots */
    (void)string2;
    return 0;           /* falling off the end of a non-void function is undefined */
}

Here allocation is happening on the stack.

Now, in GCC string2 is allocated 4 bytes, but if I declare a size other than a power of 2 (up to 16), then it is allocated 16 bytes by the compiler. That means if I allocate string2 with 3, 5, 6, 7, ..., 15 bytes, then it is allocated 16 bytes by the compiler, but if I allocate a power of 2 like 1, 2, 4, 8, ... then it is allocated exactly the same size. If I assign above 16 bytes (not a power of 2), then it allocates 32 bytes (I guess up to 32 bytes).

Whereas in Visual Studio, if I allocate 1 byte then 9 bytes get allocated, if 2-4 bytes then 12 bytes get allocated, and if 5-8 bytes then 16 bytes get allocated by the compiler.

Anyone know why this kind of assignment?

At least in Visual Studio, if there is a buffer overflow I get a debug error, but in GCC nothing happens. GCC only gives a segmentation fault if the overflow is too large.

Solution

Stack frame sizes are affected by memory alignment choices, usually a multiple of 4 for 32-bit code and a multiple of 8 for 64-bit code.

Both compilers can include stack frame corruption checking with a canary, an extra 32-bit value at the top of the stack that is initialized at function entry and checked at function exit. If the canary value has changed, then the program aborts, because the stack frame is likely to have been corrupted, possibly by malicious code that can alter the function's return address and make it return to an arbitrary location: a very popular malware injection vector.

MSVC has the /RTC option, enabled by default in the Debug configuration, which adds these canaries between every local variable, so it can detect buffer overflow problems on each individual variable.

These canaries of course take extra space, affecting the stack frame size.
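As an added illustration (not part of the question or the answer above, and not the output of any compiler): the C program below models the two layouts the answer describes, one canary above all locals versus a guard word around every local, and the slot-rounding rule behind the frame sizes the question reports. The struct field order, the constant canary value and the function names `rounded_slot`, `one_canary_detects` and `rtc_detects` are assumptions of the model; real compilers use a per-process random canary and choose their own ordering of locals. The program only writes inside its own structs, so it does not itself overflow anything.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constant canary for the model only. Real compilers load a per-process
   random value; the constant here is an assumption to keep the demo
   deterministic. */
#define CANARY_VALUE ((uint32_t)0xDEADBEEF)

/* Round a local's size up to the frame alignment. This is the "multiple of
   4 / 8" rule from the answer; with 16-byte alignment it reproduces the
   16- and 32-byte steps the question observed for odd sizes. */
size_t rounded_slot(size_t n, size_t align) {
    return (n + align - 1) / align * align;
}

/* Model of a frame with a single canary above all locals. Lower addresses
   come first, as on a downward-growing x86 stack: an overflow of string2
   runs upward through string1 before it ever reaches the canary. */
struct frame_one_canary {
    char string2[4];
    char string1[12];
    uint32_t canary;   /* sits just below the saved return address */
};

/* Model of an MSVC /RTC-style frame: a guard word around every local. */
struct frame_rtc {
    uint32_t guard0;
    char string2[4];
    uint32_t guard1;
    char string1[12];
    uint32_t guard2;
};

/* Simulate "strcpy n bytes into string2" by writing n bytes of 'A' from
   string2's offset, clamped to the struct so the program itself stays in
   bounds. Returns 1 if the epilogue check would catch the overwrite. */
int one_canary_detects(size_t n) {
    struct frame_one_canary f;
    unsigned char *base = (unsigned char *)&f;
    size_t start = offsetof(struct frame_one_canary, string2);

    memset(&f, 0, sizeof f);
    f.canary = CANARY_VALUE;
    if (n > sizeof f - start)
        n = sizeof f - start;
    memset(base + start, 'A', n);
    return f.canary != CANARY_VALUE;
}

/* Same experiment against the per-variable layout. Any write past the end
   of string2 lands on guard1 immediately, so even a 1-byte overflow that
   only damages string1 in the single-canary layout is reported here. */
int rtc_detects(size_t n) {
    struct frame_rtc f;
    unsigned char *base = (unsigned char *)&f;
    size_t start = offsetof(struct frame_rtc, string2);

    memset(&f, 0, sizeof f);
    f.guard0 = f.guard1 = f.guard2 = CANARY_VALUE;
    if (n > sizeof f - start)
        n = sizeof f - start;
    memset(base + start, 'A', n);
    return f.guard1 != CANARY_VALUE || f.guard2 != CANARY_VALUE;
}

int main(void) {
    size_t n;
    printf("slot for char[5]  at 8-byte alignment:  %zu\n", rounded_slot(5, 8));
    printf("slot for char[12] at 16-byte alignment: %zu\n", rounded_slot(12, 16));
    printf("bytes written  one-canary  per-variable\n");
    for (n = 4; n <= 20; n += 4)
        printf("%13zu  %10d  %12d\n", n, one_canary_detects(n), rtc_detects(n));
    return 0;
}
```

The table the program prints is the answer's point in numbers: with one canary at the top of the frame, overwriting all 12 bytes of string1 from string2 goes unnoticed until the write reaches the canary, which is why the question sees nothing happen in GCC for small overflows; with a guard word around every local, the first byte past string2 is caught. To see the real mechanism rather than the model, compile the question's f1 with `gcc -O0 -fstack-protector-all -S` and look for the `__stack_chk_fail` call in the epilogue, or build it in MSVC with `/RTC1` and overflow string2 by one byte.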
