2/9/18. Secure Coding. CYSE 411/AIT681 Secure Software Engineering. Agenda. Dynamic Memory Interface. Dynamic Memory Interface
|
|
- Anthony Randall
- 5 years ago
- Views:
Transcription
1 Secure Coding CYSE 411/AIT681 Secure Software Engineering Topic #9. Secure Coding: Dynamic Memory Instructor: Dr. Kun Sun String management Pointer Subterfuge Dynamic memory management Integer security Formatted output Race conditions Web security 2 Agenda Dynamic Memory Interface Programmer View of Dynamic Memory Dynamic memory functions Dynamic memory manager Common Errors Common Implementations and Exploits Doug Lea s Memory Allocator RtlHeap Mitigation Strategies Memory allocation in C: calloc() malloc() realloc() Memory deallocation in C: free() Memory allocation in C++ new operator. Memory deallocation in C++ delete operator. 3 4 Dynamic Memory Interface malloc(size_t size); Allocates size bytes and returns a pointer to the allocated memory. The memory is not cleared. free(void * p); Frees the memory space pointed to by p, which must have been returned by a previous call to malloc(), calloc(), or realloc(). If free(p) has already been called before, undefined behavior occurs. If p is NULL, no operation is performed. Dynamic Memory Interface realloc(void *p, size_t size); Changes the size of the memory block pointed to by p to size bytes. The contents will be unchanged to the minimum of the old and new sizes. Newly allocated memory will be uninitialized. If p is NULL, the call is equivalent to malloc(size). if size is equal to zero, the call is equivalent to free(p). Unless p is NULL, it must have been returned by an earlier call to malloc(), calloc(), or realloc()
2 Dynamic Memory Interface calloc(size_t nmemb, size_t size); Allocates memory for an array of nmemb elements of size bytes each and returns a pointer to the allocated memory. The memory is set to zero. How to make calloc() faster? One solution: 1. When OS gets any idle CPU time, it runs a simple process that goes around and zeroes out deallocated blocks of memory, and marks those blocks with a flag. 2. When calloc() is called, the OS first tries to find one of such prezeroed blocks and returns it. Memory Managers Manage both allocated and deallocated memory. Run as part of the client process. Use a variant of the dynamic storage allocation algorithm described by Knuth. Memory allocated for the client process and memory allocated for internal use, is all within the addressable memory space of the client process. 7 8 Memory Managers Buddy System Methods Buddy systems only allocate blocks of size 2 i. If request is for block of size m, allocate instead block of size 2 [log2 m]+1 or if necessary larger. When blocks are returned, try to coalesce them with their buddy, an adjacent block of the same size. Buddy System Example Memory Managers coalesce 9 10 Common Dynamic Memory Errors Initialization errors Failing to check return values Writing to already freed memory Freeing the same memory multiple times Improperly paired memory management functions Improper use of allocation functions Initialization Initialization Programmer assumes that malloc() zeroes block. Initializing large blocks of memory can impact performance and is not always necessary. Programmers have to initialize memory using memset() or by calling calloc(), which zeros the memory
3 Initialization Errors Sun Tarball Vulnerability /* return y = Ax */ int *matvec(int **A, int *x, int n) { int *y = malloc(n * sizeof(int)); int i, j; for (i = 0; i < n; i++) for (j = 0; j < n; j++) return y; y[i] += A[i][j] * x[j]; y[i] is initially zero, right? Vulnerability before tar The tar utility failed to initialize the dynamically allocated memory for reading a block of data from the disk. The last block may contain extra bytes from /etc/passwdfile To fix this problem if (sizeleft < bufsize) { /* Last read -- zero out area beyond.*/ bufsize = (int) sizeleft; count = bufsize % RECORDSIZE; if (count) memset (start->charptr + sizeleft, 0, (size_t) (RECORDSIZE -count)); Failing to Check Return Values Memory is a limited resource and can be exhausted. Memory allocation functions report status back to the caller. The application programmer should: determine when an error has occurred. handle the error in an appropriate manner. Check for Return Value of Malloc Standard malloc() function returns a NULL pointer if the requested space cannot be allocated. when memory cannot be allocated a consistent recovery plan is required: Even if the program just terminates with an error message int *i_ptr; i_ptr = (int *)malloc(sizeof(int)*nelements_wanted); if (i_ptr!= NULL) { i_ptr[i] = i; else { /* Couldn't get the memory - recover */ Referencing Freed Memory (Example) Referring to Freed Memory for (p = head; p!= NULL; p = p->next) free(p); for (p = head; p!= NULL; p = q) { q = p->next; free(p); wrong: accessing freed memory correct: using a temp variable Unlikely to result in a runtime error because memory is owned by the memory manager of the program. Freed memory can be allocated before a read. Read reads incorrect values. Writes destroy some other variable. Freed memory can be used by the memory manager. Writes can destroy memory manager metadata. Difficult to diagnose run-time errors. Basis for an exploit
4 Freeing Memory Multiple Times (1) Double-free: freeing the same chunk of memory twice, without it being reallocated in between Typical due to copy and past error Freeing Memory Multiple Times (2) Two linked list data structures can contain links to the shared common elements What happens if both lists are freed? several memory chunks will be freed twice In general, memory leaks are safer than double frees. x = malloc(n * sizeof(int)); /* manipulate x */ free(x); y = malloc(n * sizeof(int)); /* manipulate y */ free(x); Freeing Memory Multiple Times (3) Error processing Same memory chunk might be freed by the error handler phy has been allocated with 'devm_kzalloc', so we should not free it using an explicit 'kfree. A double free if the allocation of 'in_buf' fails. in_buf = kzalloc(in_buf_len, GFP_KERNEL); if (!in_buf) { rc = -ENOMEM; goto out_free_phy; phy->udev = usb_get_dev(interface_to_usbdev(interface)) ; phy->interface = interface; kfree(in_buf); out_free_phy: kfree(phy); return rc; in_buf = kzalloc(in_buf_len, GFP_KERNEL); if (!in_buf) return -ENOMEM; phy->udev = usb_get_dev(interface_to_usbde v(interface)); phy->interface = interface; kfree(in_buf); return rc; 21 Free chunks are kept in bins. Addressed by head. Chunks in bins are of approximately same size. Additional bin for recently freed memory. Free Chunks in dlmalloc Forward pointer to first chunk in list head element or last 4 bytes of prev. Forward pointer to next Back pointer to prev. Unused space : or last 4 bytes of prev. Forward pointer to next Back pointer to prev. Unused space : or last 4 bytes of prev. Forward pointer to next Back pointer to prev. : What behind malloc()? The unlink() macro removes a chunk from the double-linked list. 1. #define unlink(p, BK, FD) { \ 2. FD = P->fd; \ 3. BK = P->bk; \ 4. FD->bk = BK; \ BK->fd = FD; \ 6. What behind free()? When a chunk of memory is freed, it must be linked into the appropriate double-linked list in descending size order. See frontlink() code. 1. BK = bin; 2. FD = BK->fd; 3. if (FD!= BK) { 4. while (FD!= BK && S < chunksize(fd)) { FD = FD->fd; BK = FD->bk; P->bk = BK; 10. P->fd = FD; 11. FD->bk = BK->fd = P;
5 Double Free Success Conditions For a double-free exploit to be successful, two conditions must be met: The chunk to be freed must be isolated in memory (the adjacent chunks must be allocated). The bin into which the chunk is to be placed must be empty. Initial Conditions Empty Bin and Allocated Chunk The empty bin consists only of a header. The bin has no connection with the allocated chunk. bin-> Forward pointer to first chunk in list P-> of previous chunk, if unallocated of chunk, in bytes P User data : When P is Freed After the chunk is freed, it is put into the bin. The bin s forward and backward pointer point to the freed chunk. When P is freed the Second Time The second call to free on this chunk corrupts the bin structure. The bin's forward and back pointers still reference the chunk, but the chunk's forward and back pointers become selfreferential. bin-> Forward pointer to first chunk in list bin-> Forward pointer to first chunk in list P-> of previous chunk, if unallocated of chunk, in bytes P Forward pointer to next chunk in list Back pointer to previous chunk in list Unused space (may be 0 bytes long) of chunk BK = bin; 2. FD = BK->fd; 3. if (FD!= BK) { 4. while (FD!= BK && S < chunksize(fd)) { FD = FD->fd; BK = FD->bk; P->bk = BK; 10. P->fd = FD; 11. FD->bk = BK->fd = P; P-> of previous chunk, if unallocated of chunk, in bytes P Forward pointer to next chunk in list Back pointer to previous chunk in list Unused space (may be 0 bytes long) of chunk 28 When Request Memory Chunk of Same Invoking the unlink() macro to remove the chunk from the bin leaves the pointers unchanged, instead of the chunk being removed from the bin. As a result, if additional requests are made to allocate a chunk of the same size, the same chunk is returned over and over again. bin-> Forward pointer to first chunk in list Exploits This structure is exploitable. Real-world examples exist (see later). The technique is difficult. Freed chunks are not immediately put into a bin, but are cached. The double-freed chunk could be consolidated with other chunks. 1. #define unlink(p, BK, FD) { \ 2. FD = P->fd; \ 3. BK = P->bk; \ 4. FD->bk = BK; \ BK->fd = FD; \ 6. P-> of previous chunk, if unallocated of chunk, in bytes P Forward pointer to next chunk in list Back pointer to previous chunk in list Unused space (may be 0 bytes long) of chunk
6 Double-free Exploit Code 22. *((void **)(sixth+0))=(void *)(GOT_LOCATION- 12); 23. *((void **)(sixth+4))=(void *)shellcode_location; The target of this exploit is the first chunk allocated (line 13) When first is initially freed, it is put into a cache bin rather than a regular one 31 Allocating the second and fourth chunks prevents the third chunk from being consolidated Freeing the third chunk moves the first chunk to a regular bin. 32 Allocating the fifth chunk causes memory to be split off from the third chunk and, as a side effect, this results in the first chunk being moved to a regular bin Memory is now configured so that freeing the first chunk a second time sets up the double-free vulnerability When the sixth chunk is allocated, malloc() returns a pointer to the same chunk referenced by first The GOT address of the strcpy() function (minus 12) and the shellcode location are copied into this memory (lines 22-23)
7 The same memory chunk is allocated yet again as the seventh chunk on line when the chunk is allocated, the unlink() macro has the effect of copying the address of the shellcode into the address of the strcpy() function in the global offset table 38 When strcpy() is called control is transferred to the shell code. Writing to Freed Memory Writing to freed memory can also lead to vulnerabilities Almost identical example //free(first); 22. *((void **)(first+0))=(void *)(GOT_LOCATION-12); 23. *((void **)(first+4))=(void *)shellcode_location; 24. sixth = (void *)malloc(256); No double free. But a write to first. Call to malloc() replaces the address of stringcpy() with the address of the shellcode. Call to strcpy invokes the shellcode. Improperly Faired Memory Management Functions Always use new delete malloc free Improper pairing can work on some platforms sometimes, but code is not portable
8 Improper Use of Allocation Functions malloc(0) Can lead to memory management errors. A C runtime library can return a NULL pointer or return a pseudo-address The safest and most portable solution is to ensure zero-length allocation requests are not made. Mitigation Strategies NULL pointer Simplest strategy that prevents most dynamic memory errors. After a call to free, set the memory pointer to NULL. Prevents writing to freed memory. double-freeing memory. Does not prevent problems when pointer aliasing. Two pointers to the same structure. Consistency Use the same patterns for allocating and freeing memory. Allocate and deallocate in the same module, at the same level of abstraction. Match allocations and deallocations Summary Dynamic memory management in C and C++ programs is prone to software defects and security flaws. While heap-based vulnerabilities can be more difficult to exploit than their stack-based counterparts, programs with memory-related security flaws can still be vulnerable to attack. A combination of good programming practices and dynamic analysis can help to identify and eliminate these security flaws during development. 45 8
Secure Coding in C and C++ Dynamic Memory Management Lecture 5 Jan 29, 2013
Secure Coding in C and C++ Dynamic Memory Management Lecture 5 Jan 29, 2013 Acknowledgement: These slides are based on author Seacord s original presentation Issues Dynamic Memory Management Common Dynamic
More informationSecure Coding in C and C++
Secure Coding in C and C++ Dynamic Memory Management Lecture 5 Sept 21, 2017 Acknowledgement: These slides are based on author Seacord s original presentation Issues Dynamic Memory Management Common Dynamic
More informationAgenda. Dynamic Memory Management. Robert C. Seacord. Secure Coding in C and C++
Dynamic Memory Management Secure Coding in C and C++ Robert C. Seacord CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 The CERT Coordination
More informationSecure Software Programming and Vulnerability Analysis
Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Heap Buffer Overflows and Format String Vulnerabilities Secure Software
More informationLecture 07 Heap control data. Stephen Checkoway University of Illinois at Chicago
Lecture 07 Heap control data Stephen Checkoway University of Illinois at Chicago Layout of program memory Heap is managed by malloc - Many different malloc implementations - glibc uses a modified version
More informationDynamic Memory Allocation (and Multi-Dimensional Arrays)
Dynamic Memory Allocation (and Multi-Dimensional Arrays) Professor Hugh C. Lauer CS-2303, System Programming Concepts (Slides include materials from The C Programming Language, 2 nd edition, by Kernighan
More informationmalloc() is often used to allocate chunk of memory dynamically from the heap region. Each chunk contains a header and free space (the buffer in which
Heap Overflow malloc() is often used to allocate chunk of memory dynamically from the heap region. Each chunk contains a header and free space (the buffer in which data are placed). The header contains
More informationLecture 8 Dynamic Memory Allocation
Lecture 8 Dynamic Memory Allocation CS240 1 Memory Computer programs manipulate an abstraction of the computer s memory subsystem Memory: on the hardware side 3 @ http://computer.howstuffworks.com/computer-memory.htm/printable
More informationDynamic Memory Allocation
Dynamic Memory Allocation CS61, Lecture 10 Prof. Stephen Chong October 4, 2011 Announcements 1/2 Assignment 4: Malloc Will be released today May work in groups of one or two Please go to website and enter
More informationMemory (Stack and Heap)
Memory (Stack and Heap) Praktikum C-Programmierung Nathanael Hübbe, Eugen Betke, Michael Kuhn, Jakob Lüttgau, Jannek Squar Wissenschaftliches Rechnen Fachbereich Informatik Universität Hamburg 2018-12-03
More informationo Code, executable, and process o Main memory vs. virtual memory
Goals for Today s Lecture Memory Allocation Prof. David August COS 217 Behind the scenes of running a program o Code, executable, and process o Main memory vs. virtual memory Memory layout for UNIX processes,
More informationProcess s Address Space. Dynamic Memory. Backing the Heap. Dynamic memory allocation 3/29/2013. When a process starts the heap is empty
/9/01 Process s Address Space Dynamic Memory 0x7fffffff Stack Data (Heap) Data (Heap) 0 Text (Code) Backing the Heap When a process starts the heap is empty The process is responsible for requesting memory
More informationDynamic Memory Allocation I Nov 5, 2002
15-213 The course that gives CMU its Zip! Dynamic Memory Allocation I Nov 5, 2002 Topics Simple explicit allocators Data structures Mechanisms Policies class21.ppt Harsh Reality Memory is not unbounded
More informationCS 33. Intro to Storage Allocation. CS33 Intro to Computer Systems XXVI 1 Copyright 2017 Thomas W. Doeppner. All rights reserved.
CS 33 Intro to Storage Allocation CS33 Intro to Computer Systems XXVI 1 Copyright 2017 Thomas W. Doeppner. All rights reserved. A Queue head typedef struct list_element { int value; struct list_element
More informationIn Java we have the keyword null, which is the value of an uninitialized reference type
+ More on Pointers + Null pointers In Java we have the keyword null, which is the value of an uninitialized reference type In C we sometimes use NULL, but its just a macro for the integer 0 Pointers are
More informationDynamic Memory Allocation I
Dynamic Memory Allocation I William J. Taffe Plymouth State University Using the Slides of Randall E. Bryant Carnegie Mellon University Topics Simple explicit allocators Data structures Mechanisms Policies
More informationDynamic Memory Allocation: Basic Concepts
Dynamic Memory Allocation: Basic Concepts 15-213: Introduction to Computer Systems 19 th Lecture, March 30, 2017 Instructor: Franz Franchetti & Seth Copen Goldstein 1 Today Basic concepts Implicit free
More informationIntroduction to Computer Systems /18 243, fall th Lecture, Oct. 22 th
Introduction to Computer Systems 15 213/18 243, fall 2009 16 th Lecture, Oct. 22 th Instructors: Gregory Kesden and Markus Püschel Today Dynamic memory allocation Process Memory Image %esp kernel virtual
More informationDynamic Memory Management. Bin Li Assistant Professor Dept. of Electrical, Computer and Biomedical Engineering University of Rhode Island
Dynamic Memory Management Bin Li Assistant Professor Dept. of Electrical, Computer and Biomedical Engineering University of Rhode Island 1 Dynamic Memory Allocation Dynamic memory allocation is used to
More informationDynamic Memory Allocation: Basic Concepts
Dynamic Memory Allocation: Basic Concepts CSE 238/2038/2138: Systems Programming Instructor: Fatma CORUT ERGİN Slides adapted from Bryant & O Hallaron s slides 1 Today Basic concepts Implicit free lists
More informationDynamic Memory Allocation. Gerson Robboy Portland State University. class20.ppt
Dynamic Memory Allocation Gerson Robboy Portland State University class20.ppt Harsh Reality Memory is not unbounded It must be allocated and managed Many applications are memory dominated Especially those
More informationC Structures & Dynamic Memory Management
C Structures & Dynamic Memory Management Goals of this Lecture Help you learn about: Structures and unions Dynamic memory management Note: Will be covered in precepts as well We look at them in more detail
More informationPrinceton University Computer Science 217: Introduction to Programming Systems. Dynamic Memory Management
Princeton University Computer Science 217: Introduction to Programming Systems Dynamic Memory Management 1 Goals of this Lecture Help you learn about: The need for dynamic* memory mgmt (DMM) Implementing
More informationCSE 127 Computer Security
CSE 127 Computer Security Stefan Savage, Spring 2018, Lecture 6 Low Level Software Security IV: Heap Corruption Memory management in C The C programming language uses explicit memory management Data is
More informationIntrusion Detection and Malware Analysis
Intrusion Detection and Malware Analysis Host Based Attacks Pavel Laskov Wilhelm Schickard Institute for Computer Science Software security threats Modification of program code viruses and self-replicating
More informationToday. Dynamic Memory Allocation: Basic Concepts. Dynamic Memory Allocation. Dynamic Memory Allocation. malloc Example. The malloc Package
Today Dynamic Memory Allocation: Basic Concepts Basic concepts Performance concerns Approach 1: implicit free lists CSci 01: Machine Architecture and Organization October 17th-nd, 018 Your instructor:
More information14. Memory API. Operating System: Three Easy Pieces
14. Memory API Oerating System: Three Easy Pieces 1 Memory API: malloc() #include void* malloc(size_t size) Allocate a memory region on the hea. w Argument size_t size : size of the memory block(in
More informationDynamic Memory Allocation
Dynamic Memory Allocation CS61, Lecture 11 Prof. Stephen Chong October 6, 2011 Announcements 1/2 Reminder: No section on Monday Monday sections have been rescheduled See website for details Please attend
More informationMemory Management. CSC215 Lecture
Memory Management CSC215 Lecture Outline Static vs Dynamic Allocation Dynamic allocation functions malloc, realloc, calloc, free Implementation Common errors Static Allocation Allocation of memory at compile-time
More informationDynamic Memory Allocation. Zhaoguo Wang
Dynamic Memory Allocation Zhaoguo Wang Why dynamic memory allocation? Do not know the size until the program runs (at runtime). #define MAXN 15213 int array[maxn]; int main(void) { int i, n; scanf("%d",
More informationANITA S SUPER AWESOME RECITATION SLIDES
ANITA S SUPER AWESOME RECITATION SLIDES 15/18-213: Introduction to Computer Systems Dynamic Memory Allocation Anita Zhang, Section M UPDATES Cache Lab style points released Don t fret too much Shell Lab
More informationToday. Dynamic Memory Allocation: Basic Concepts. Dynamic Memory Allocation. Dynamic Memory Allocation. malloc Example. The malloc Package
Today Dynamic Memory Allocation: Basic Concepts Basic concepts Performance concerns Approach 1: implicit free lists CSci 01: Machine Architecture and Organization Lecture #9, April th, 016 Your instructor:
More informationDynamic Memory Management
Dynamic Memory Management 1 Goals of this Lecture Help you learn about: Dynamic memory management techniques Garbage collection by the run-time system (Java) Manual deallocation by the programmer (C, C++)
More informationPrinceton University. Computer Science 217: Introduction to Programming Systems. Dynamic Memory Management
Princeton University Computer Science 217: Introduction to Programming Systems Dynamic Memory Management 1 Agenda The need for DMM DMM using the heap section DMMgr 1: Minimal implementation DMMgr 2: Pad
More informationHeap Off by 1 Overflow Illustrated. Eric Conrad October 2007
Heap Off by 1 Overflow Illustrated Eric Conrad October 2007 1 The Attack Older CVS versions are vulnerable to an Off by 1 attack, where an attacker may insert one additional character into the heap CVS
More informationDynamically Allocated Memory in C
Dynamically Allocated Memory in C All throughout the C course (COP 3223), all examples of variable declarations were statically allocated memory. The word static means not changing while the word dynamic
More informationCSC 1600 Memory Layout for Unix Processes"
CSC 16 Memory Layout for Unix Processes" 1 Lecture Goals" Behind the scenes of running a program" Code, executable, and process" Memory layout for UNIX processes, and relationship to C" : code and constant
More informationMemory Management. CS449 Fall 2017
Memory Management CS449 Fall 2017 Life9mes Life9me: 9me from which a par9cular memory loca9on is allocated un9l it is deallocated Three types of life9mes Automa9c (within a scope) Sta9c (dura9on of program)
More informationDnmaloc: a more secure memory allocator
Dnmaloc: a more secure memory allocator 28 September 2005 Yves Younan, Wouter Joosen, Frank Piessens and Hans Van den Eynden DistriNet, Department of Computer Science Katholieke Universiteit Leuven Belgium
More informationDynamic Memory Allocation. Basic Concepts. Computer Organization 4/3/2012. CSC252 - Spring The malloc Package. Kai Shen
Dynamic Memory Allocation: Basic Concepts Kai Shen Dynamic Memory Allocation Programmers use dynamic memory allocators (such as malloc) to acquire memory at run time. For data structures whose size is
More informationCYSE 411/AIT681 Secure Software Engineering Topic #12. Secure Coding: Formatted Output
CYSE 411/AIT681 Secure Software Engineering Topic #12. Secure Coding: Formatted Output Instructor: Dr. Kun Sun 1 This lecture: [Seacord]: Chapter 6 Readings 2 Secure Coding String management Pointer Subterfuge
More information2/9/18. CYSE 411/AIT681 Secure Software Engineering. Readings. Secure Coding. This lecture: String management Pointer Subterfuge
CYSE 411/AIT681 Secure Software Engineering Topic #12. Secure Coding: Formatted Output Instructor: Dr. Kun Sun 1 This lecture: [Seacord]: Chapter 6 Readings 2 String management Pointer Subterfuge Secure
More informationDynamic Allocation of Memory
Dynamic Allocation of Memory Lecture 5 Section 9.8 Robb T. Koether Hampden-Sydney College Wed, Jan 24, 2018 Robb T. Koether (Hampden-Sydney College) Dynamic Allocation of Memory Wed, Jan 24, 2018 1 / 34
More informationBBM 201 DATA STRUCTURES
BBM 201 DATA STRUCTURES Lecture 8: Dynamically Allocated Linked Lists 2017-2018 Fall int x; x = 8; int A[4]; An array is stored as one contiguous block of memory. How can we add a fifth element to the
More information19-Nov CSCI 2132 Software Development Lecture 29: Linked Lists. Faculty of Computer Science, Dalhousie University Heap (Free Store)
Lecture 29 p.1 Faculty of Computer Science, Dalhousie University CSCI 2132 Software Development Lecture 29: Linked Lists 19-Nov-2018 Location: Chemistry 125 Time: 12:35 13:25 Instructor: Vlado Keselj Previous
More informationDynamic Memory Allocation
Dynamic Memory Allocation Computer Systems Organization (Spring 2017) CSCI-UA 201, Section 3 Instructor: Joanna Klukowska Slides adapted from Randal E. Bryant and David R. O Hallaron (CMU) Mohamed Zahran
More informationMemory Allocator Security
Memory Allocator Security Yves Younan, Wouter Joosen, Frank Piessens and Hans Van den Eynden DistriNet, Department of Computer Science Katholieke Universiteit Leuven Belgium Yves.Younan@cs.kuleuven.ac.be
More informationMemory Allocation in C C Programming and Software Tools. N.C. State Department of Computer Science
Memory Allocation in C C Programming and Software Tools N.C. State Department of Computer Science The Easy Way Java (JVM) automatically allocates and reclaims memory for you, e.g... Removed object is implicitly
More informationDynamic Memory Allocation
1 Dynamic Memory Allocation Anne Bracy CS 3410 Computer Science Cornell University Note: these slides derive from those by Markus Püschel at CMU 2 Recommended Approach while (TRUE) { code a little; test
More informationCMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING
CMSC 313 COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE PROGRAMMING LECTURE 16, SPRING 2013 TOPICS TODAY Project 6 Perils & Pitfalls of Memory Allocation C Function Call Conventions in Assembly Language PERILS
More informationDynamic Memory Allocation
Dynamic Memory Allocation Harsh Reality Memory Matters Memory is not unbounded (Statically reserving the maximum amount of global memory is NOT good!) It must be allocated and managed Many applications
More informationProgramming. Pointers, Multi-dimensional Arrays and Memory Management
Programming Pointers, Multi-dimensional Arrays and Memory Management Summary } Computer Memory } Pointers } Declaration, assignment, arithmetic and operators } Casting and printing pointers } Relationship
More informationCSCI-UA /2. Computer Systems Organization Lecture 19: Dynamic Memory Allocation: Basics
Slides adapted (and slightly modified) from: Clark Barrett Jinyang Li Randy Bryant Dave O Hallaron CSCI-UA.0201-001/2 Computer Systems Organization Lecture 19: Dynamic Memory Allocation: Basics Mohamed
More informationCOSC Software Engineering. Lectures 14 and 15: The Heap and Dynamic Memory Allocation
COSC345 2013 Software Engineering Lectures 14 and 15: The Heap and Dynamic Memory Allocation Outline Revision The programmer s view of memory Simple array-based memory allocation C memory allocation routines
More informationMemory management. Johan Montelius KTH
Memory management Johan Montelius KTH 2017 1 / 22 C program # include int global = 42; int main ( int argc, char * argv []) { if( argc < 2) return -1; int n = atoi ( argv [1]); int on_stack
More informationDynamic Memory Alloca/on: Basic Concepts
Dynamic Memory Alloca/on: Basic Concepts Fall 2015 Instructor: James Griffioen Adapted from slides by R. Bryant and D. O Hallaron (hip://csapp.cs.cmu.edu/public/instructors.html) 1 Today Basic concepts
More informationMemory Allocation I. CSE 351 Autumn Instructor: Justin Hsia
Memory Allocation I CSE 351 Autumn 2016 Instructor: Justin Hsia Teaching Assistants: Chris Ma Hunter Zahn John Kaltenbach Kevin Bi Sachin Mehta Suraj Bhat Thomas Neuman Waylon Huang Xi Liu Yufang Sun Adapted
More informationCOSC Software Engineering. Lecture 16: Managing Memory Managers
COSC345 2013 Software Engineering Lecture 16: Managing Memory Managers Outline Typical problems (from previous lectures) Memory leaks aren t just for (Objective) C Tracking malloc() calls Catching calls
More informationRun-Time Environments/Garbage Collection
Run-Time Environments/Garbage Collection Department of Computer Science, Faculty of ICT January 5, 2014 Introduction Compilers need to be aware of the run-time environment in which their compiled programs
More informationCOSC345 Software Engineering. The Heap And Dynamic Memory Allocation
COSC345 Software Engineering The Heap And Dynamic Memory Allocation Outline Revision The programmer s view of memory Simple array-based memory allocation C memory allocation routines Virtual memory Swapping
More informationHW 3: Malloc CS 162. Due: Monday, March 28, 2016
CS 162 Due: Monday, March 28, 2016 1 Introduction Your task in this assignment is to implement your own memory allocator from scratch. This will expose you to POSIX interfaces, force you to reason about
More informationLast week. Data on the stack is allocated automatically when we do a function call, and removed when we return
Last week Data can be allocated on the stack or on the heap (aka dynamic memory) Data on the stack is allocated automatically when we do a function call, and removed when we return f() {... int table[len];...
More informationCMPS 105 Systems Programming. Prof. Darrell Long E2.371
+ CMPS 105 Systems Programming Prof. Darrell Long E2.371 darrell@ucsc.edu + Chapter 7: The Environment of a UNIX process + Introduction + The main() fuction n int main(int argc, char* argv[]); n argc =
More informationDynamic Memory Allocation: Advanced Concepts
Dynamic Memory Allocation: Advanced Concepts Keeping Track of Free Blocks Method 1: Implicit list using length links all blocks 5 4 6 Method : Explicit list among the free blocks using pointers 5 4 6 Kai
More informationDynamic Memory Alloca/on: Basic Concepts
Dynamic Memory Alloca/on: Basic Concepts 15-213 / 18-213: Introduc2on to Computer Systems 18 th Lecture, March. 26, 2013 Instructors: Anthony Rowe, Seth Goldstein, and Gregory Kesden 1 Today Basic concepts
More informationLimitations of the stack
The heap hic 1 Limitations of the stack int *table_of(int num, int len) { int table[len+1]; for (int i=0; i
More informationOptimizing Dynamic Memory Management
Optimizing Dynamic Memory Management 1 Goals of this Lecture Help you learn about: Details of K&R heap mgr Heap mgr optimizations related to Assignment #5 Faster free() via doubly-linked list, redundant
More informationMemory Allocation. Copyright : University of Illinois CS 241 Staff 1
Memory Allocation Copyright : University of Illinois CS 241 Staff 1 Memory allocation within a process What happens when you declare a variable? Allocating a page for every variable wouldn t be efficient
More informationCS 105 Malloc Lab: Writing a Dynamic Storage Allocator See Web page for due date
CS 105 Malloc Lab: Writing a Dynamic Storage Allocator See Web page for due date 1 Introduction In this lab you will be writing a dynamic storage allocator for C programs, i.e., your own version of the
More informationCS 11 C track: lecture 5
CS 11 C track: lecture 5 Last week: pointers This week: Pointer arithmetic Arrays and pointers Dynamic memory allocation The stack and the heap Pointers (from last week) Address: location where data stored
More informationImproving memory management security for C and C++
Improving memory management security for C and C++ Yves Younan, Wouter Joosen, Frank Piessens, Hans Van den Eynden DistriNet, Katholieke Universiteit Leuven, Belgium Abstract Memory managers are an important
More informationECE 598 Advanced Operating Systems Lecture 10
ECE 598 Advanced Operating Systems Lecture 10 Vince Weaver http://www.eece.maine.edu/~vweaver vincent.weaver@maine.edu 17 February 2015 Announcements Homework #1 and #2 grades, HW#3 Coming soon 1 Various
More informationMemory Allocation III
Memory Allocation III CSE 351 Winter 2018 Instructor: Mark Wyse Teaching Assistants: Kevin Bi Parker DeWilde Emily Furst Sarah House Waylon Huang Vinny Palaniappan https://xkcd.com/835/ Administrivia Homework
More information1 Introduction. 2 Logistics. 3 Hand Out Instructions
CS 153, Winter 2018 Malloc Lab: Writing a Dynamic Storage Allocator Due: Last Friday in final s week. No slack days Graded by Interview on the same Friday or over weekend Nael Abu-Ghazaleh (nael@cs.ucr.edu)
More informationCS 33. Storage Allocation. CS33 Intro to Computer Systems XXVII 1 Copyright 2017 Thomas W. Doeppner. All rights reserved.
CS 33 Storage Allocation CS33 Intro to Computer Systems XXVII 1 Copyright 2017 Thomas W. Doeppner. All rights reserved. The Unix Address Space stack dynamic bss program break data text CS33 Intro to Computer
More informationDynamic Memory. R. Inkulu (Dynamic Memory) 1 / 19
Dynamic Memory R. Inkulu http://www.iitg.ac.in/rinkulu/ (Dynamic Memory) 1 / 19 Types of memory allocations auto local * allocated on stack and uninitialized by default * accessible in the function that
More informationScientific Programming in C IV. Pointers
Scientific Programming in C IV. Pointers Susi Lehtola 1 November 2012 Pointers The feature at the heart of C are pointers, which are simply pointers to memory addresses. Scientific Programming in C, fall
More informationNEXT SET OF SLIDES FROM DENNIS FREY S FALL 2011 CMSC313.
NEXT SET OF SLIDES FROM DENNIS FREY S FALL 2011 CMSC313 http://www.csee.umbc.edu/courses/undergraduate/313/fall11/" Programming in C! Advanced Pointers! Reminder! You can t use a pointer until it points
More informationMemory Allocation III
Memory Allocation III CSE 351 Spring 2017 Instructor: Ruth Anderson Teaching Assistants: Dylan Johnson Kevin Bi Linxing Preston Jiang Cody Ohlsen Yufang Sun Joshua Curtis Administrivia Homework 5 Due Wed
More informationCling: A Memory Allocator to Mitigate Dangling Pointers. Periklis Akritidis
Cling: A Memory Allocator to Mitigate Dangling Pointers Periklis Akritidis --2010 Use-after-free Vulnerabilities Accessing Memory Through Dangling Pointers Techniques : Heap Spraying, Feng Shui Manual
More informationCS 536 Introduction to Programming Languages and Compilers Charles N. Fischer Lecture 11
CS 536 Introduction to Programming Languages and Compilers Charles N. Fischer Lecture 11 CS 536 Spring 2015 1 Handling Overloaded Declarations Two approaches are popular: 1. Create a single symbol table
More informationBuffer Overflow and Format String Overflow Vulnerabilities
Syracuse University SURFACE Electrical Engineering and Computer Science College of Engineering and Computer Science 2002 Buffer Overflow and Format String Overflow Vulnerabilities Kyung-suk Lhee Syracuse
More informationDynamic Memory Allocation II October 22, 2008
15-213 Dynamic Memory Allocation II October 22, 2008 Topics Explicit doubly-linked free lists Segregated free lists Garbage collection Review of pointers Memory-related perils and pitfalls class18.ppt
More informationDynamic memory allocation
Dynamic memory allocation outline Memory allocation functions Array allocation Matrix allocation Examples Memory allocation functions (#include ) malloc() Allocates a specified number of bytes
More informationDynamic Memory Management! Goals of this Lecture!
Dynamic Memory Management!!! 1 Goals of this Lecture! Help you learn about:! Dynamic memory management techniques! Garbage collection by the run-time system (Java)! Manual deallocation by the programmer
More informationDynamic memory allocation (malloc)
1 Plan for today Quick review of previous lecture Array of pointers Command line arguments Dynamic memory allocation (malloc) Structures (Ch 6) Input and Output (Ch 7) 1 Pointers K&R Ch 5 Basics: Declaration
More informationRun-time Environments - 3
Run-time Environments - 3 Y.N. Srikant Computer Science and Automation Indian Institute of Science Bangalore 560 012 NPTEL Course on Principles of Compiler Design Outline of the Lecture n What is run-time
More informationLecture Notes on Memory Management
Lecture Notes on Memory Management 15-122: Principles of Imperative Computation Frank Pfenning Lecture 22 November 11, 2010 1 Introduction Unlike C0 and other modern languages like Java, C#, or ML, C requires
More informationLecture Notes on Memory Management
Lecture Notes on Memory Management 15-122: Principles of Imperative Computation Frank Pfenning Lecture 21 April 5, 2011 1 Introduction Unlike C0 and other modern languages like Java, C#, or ML, C requires
More informationMemory Corruption 101 From Primitives to Exploit
Memory Corruption 101 From Primitives to Exploit Created by Nick Walker @ MWR Infosecurity / @tel0seh What is it? A result of Undefined Behaviour Undefined Behaviour A result of executing computer code
More informationOperating System Labs. Yuanbin Wu
Operating System Labs Yuanbin Wu CS@ECNU Operating System Labs Project 2 Due 21:00, Oct. 24 Project 3 Group of 3 If you can not find a partner, drop us an email You now have 3 late days, but start early!
More informationReminder: compiling & linking
Reminder: compiling & linking source file 1 object file 1 source file 2 compilation object file 2 library object file 1 linking (relocation + linking) load file source file N object file N library object
More informationDynamic Data Structures. CSCI 112: Programming in C
Dynamic Data Structures CSCI 112: Programming in C 1 It s all about flexibility In the programs we ve made so far, the compiler knows at compile time exactly how much memory to allocate for each variable
More informationUser created Heap Management in C on AIX
Nitin.Bagoria User Created Heap Management in C on AIX Page 1 of 9 User created Heap Management in C on AIX Introduction The term heap, or memory heap, generally means a free memory pool, from which a
More informationCS 161 Computer Security
Paxson Spring 2011 CS 161 Computer Security Homework 1 Due: Wednesday, February 9, at 9:59pm Instructions. Submit your solution by Wednesday, February 9, at 9:59pm, in the drop box labelled CS161 in 283
More informationECE454, Fall 2014 Homework3: Dynamic Memory Allocation Assigned: Oct 9th, Due: Nov 6th, 11:59PM
ECE454, Fall 2014 Homework3: Dynamic Memory Allocation Assigned: Oct 9th, Due: Nov 6th, 11:59PM The TA for this assignment is Xu Zhao (nuk.zhao@mail.utoronto.ca). 1 Introduction OptsRus is doing really
More information6.172 Performance Engineering of Software Systems Spring Lecture 9. P after. Figure 1: A diagram of the stack (Image by MIT OpenCourseWare.
6.172 Performance Engineering of Software Systems Spring 2009 Lecture 9 MIT OpenCourseWare Dynamic Storage Allocation Stack allocation: LIFO (last-in-first-out) Array and pointer A used unused P before
More informationMemory Corruption Vulnerabilities, Part II
Memory Corruption Vulnerabilities, Part II Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security Integer Overflow Vulnerabilities * slides adapted from those by Seacord 3 Integer Overflows
More informationAt this time we have all the pieces necessary to allocate memory for an array dynamically. Following our example, we allocate N integers as follows:
Pointers and Arrays Part II We will continue with our discussion on the relationship between pointers and arrays, and in particular, discuss how arrays with dynamical length can be created at run-time
More informationDynamic Allocation in C
Dynamic Allocation in C C Pointers and Arrays 1 The previous examples involved only targets that were declared as local variables. For serious development, we must also be able to create variables dynamically,
More information