Last week. Data on the stack is allocated automatically when we do a function call, and removed when we return

Similar documents
Limitations of the stack

In Java we have the keyword null, which is the value of an uninitialized reference type

INITIALISING POINTER VARIABLES; DYNAMIC VARIABLES; OPERATIONS ON POINTERS

Dynamic Memory Management! Goals of this Lecture!

Buffer overflow background

Dynamic Memory Management

CS 330 Lecture 18. Symbol table. C scope rules. Declarations. Chapter 5 Louden Outline

Announcements. assign0 due tonight. Labs start this week. No late submissions. Very helpful for assign1

Dynamic Memory Management

CSC 1600 Memory Layout for Unix Processes"

Lecture 8 Dynamic Memory Allocation

o Code, executable, and process o Main memory vs. virtual memory

Lecture 4 September Required reading materials for this class

Hacking in C. Pointers. Radboud University, Nijmegen, The Netherlands. Spring 2019

Software and Web Security 1. Root Cause Analysis. Abstractions Assumptions Trust. sws1 1

TI2725-C, C programming lab, course

Hacking in C. Memory layout. Radboud University, Nijmegen, The Netherlands. Spring 2018

Binding and Storage. COMP 524: Programming Language Concepts Björn B. Brandenburg. The University of North Carolina at Chapel Hill

Reflections on using C(++) Root Cause Analysis

CS 61C: Great Ideas in Computer Architecture C Pointers. Instructors: Vladimir Stojanovic & Nicholas Weaver

Advanced Programming & C++ Language

Dynamic Data Structures. CSCI 112: Programming in C

Programming Language Implementation

DAY 3. CS3600, Northeastern University. Alan Mislove

CMSC 330: Organization of Programming Languages

ECE 598 Advanced Operating Systems Lecture 12

CS 11 C track: lecture 5

CMSC 330: Organization of Programming Languages

CS61C : Machine Structures


Dynamic Allocation in C

Pointers (continued), arrays and strings

Run-time Environments - 3

CSCI-UA /2. Computer Systems Organization Lecture 19: Dynamic Memory Allocation: Basics

Memory Management in C (Dynamic Strings) Personal Software Engineering

CS 31: Intro to Systems Pointers and Memory. Kevin Webb Swarthmore College October 2, 2018

6.172 Performance Engineering of Software Systems Spring Lecture 9. P after. Figure 1: A diagram of the stack (Image by MIT OpenCourseWare.

Memory (Stack and Heap)

C Programming. Course Outline. C Programming. Code: MBD101. Duration: 10 Hours. Prerequisites:

Memory Allocation. Static Allocation. Dynamic Allocation. Dynamic Storage Allocation. CS 414: Operating Systems Spring 2008

Pointers (continued), arrays and strings

Motivation for Dynamic Memory. Dynamic Memory Allocation. Stack Organization. Stack Discussion. Questions answered in this lecture:

CS61C : Machine Structures

Programs in memory. The layout of memory is roughly:

CS 61C: Great Ideas in Computer Architecture C Memory Management, Usage Models

Dynamic Storage Allocation

Low-Level C Programming. Memory map Pointers Arrays Structures

'Safe' programming languages

Arrays and Memory Management

Class Information ANNOUCEMENTS

Memory Allocation in C C Programming and Software Tools. N.C. State Department of Computer Science

A.Arpaci-Dusseau. Mapping from logical address space to physical address space. CS 537:Operating Systems lecture12.fm.2

CMSC 330: Organization of Programming Languages. Memory Management and Garbage Collection

Princeton University. Computer Science 217: Introduction to Programming Systems. Dynamic Memory Management

CMSC 330: Organization of Programming Languages. Ownership, References, and Lifetimes in Rust

Memory Management. CSC215 Lecture

Dynamic Memory. Dynamic Memory Allocation Strings. September 18, 2017 Hassan Khosravi / Geoffrey Tien 1

Run-Time Environments/Garbage Collection

Run-time Environments -Part 3

Review! Lecture 5 C Memory Management !

Memory management COSC346

CS61C : Machine Structures

Advances in Programming Languages: Regions

Memory Management (Chaper 4, Tanenbaum)

Chapter 1 INTRODUCTION SYS-ED/ COMPUTER EDUCATION TECHNIQUES, INC.

Dynamic Memory Allocation

ECE 598 Advanced Operating Systems Lecture 10

Manual Allocation. CS 1622: Garbage Collection. Example 1. Memory Leaks. Example 3. Example 2 11/26/2012. Jonathan Misurda

Name, Scope, and Binding. Outline [1]

Page 1. Today. Last Time. Is the assembly code right? Is the assembly code right? Which compiler is right? Compiler requirements CPP Volatile

Week 9 Part 1. Kyle Dewey. Tuesday, August 28, 12

CS61C : Machine Structures

CPSC 213. Introduction to Computer Systems. Winter Session 2017, Term 2. Unit 1c Jan 24, 26, 29, 31, and Feb 2

CSE 333 Lecture 4 - malloc, free, struct, typedef

Data Structure Series

Memory management. Johan Montelius KTH

Runtime. The optimized program is ready to run What sorts of facilities are available at runtime

Lecture 14. No in-class files today. Homework 7 (due on Wednesday) and Project 3 (due in 10 days) posted. Questions?

Memory Management (Chaper 4, Tanenbaum)

CE221 Programming in C++ Part 2 References and Pointers, Arrays and Strings

Pointers, Arrays, Memory: AKA the cause of those Segfaults

Process s Address Space. Dynamic Memory. Backing the Heap. Dynamic memory allocation 3/29/2013. When a process starts the heap is empty

C Programming Basics II

Cling: A Memory Allocator to Mitigate Dangling Pointers. Periklis Akritidis

Dynamic Memory. R. Inkulu (Dynamic Memory) 1 / 19

Chapter 2 (Dynamic variable (i.e. pointer), Static variable)

Lectures 13 & 14. memory management

Some Basic Concepts EL6483. Spring EL6483 Some Basic Concepts Spring / 22

Intrusion Detection and Malware Analysis

Undefined Behaviour in C

Memory Management. CS449 Fall 2017

CSci 4061 Introduction to Operating Systems. Programs in C/Unix

CSE 565 Computer Security Fall 2018

CS 33. Intro to Storage Allocation. CS33 Intro to Computer Systems XXVI 1 Copyright 2017 Thomas W. Doeppner. All rights reserved.

CS 105 Malloc Lab: Writing a Dynamic Storage Allocator See Web page for due date

Quiz 0 Review Session. October 13th, 2014

Interlude: Memory API

Software Security Buffer Overflows more countermeasures. Erik Poll. Digital Security Radboud University Nijmegen

Chapter 1 GETTING STARTED. SYS-ED/ Computer Education Techniques, Inc.

Memory Analysis tools

Transcription:

Last week Data can be allocated on the stack or on the heap (aka dynamic memory) Data on the stack is allocated automatically when we do a function call, and removed when we return f() {... int table[len];... } Data on the heap must be (de)allocated manually, using malloc and free int *table = malloc(len*sizeof(int));... free(table); sws1 1

Stack vs heap To use data on the heap, we must use pointers! otherwise the data is lost and we cannot use it Pointers to data allocated on the heap can be on the stack in the heap itself You can have pointers from the heap to the stack, but typically you do not need them, or want them! sws1 2

Stack Heap sws1 3

Memory y( (security) problems Malicious code, buggy code, and insecure code can access data anywhere on the heap and stack, eg by doing pointer arithmetic by overrunning array bounds More generally, security problems with memory can be due to 1. running out of memory 2. lack of initialisation of memory 3. bugs in program code esp for heap, as dynamic memory is more complex & error-prone Hence MISRA-C guidelines for safety-critical software include Rule 20.4 (REQUIRED) Dynamic heap allocation shall not be used sws1 4

Running out of stack memory (aka stack overflow) Max size of the stack is finite and typically fixed on start-up of a process Normally, stack overflow will simply crash a program as demo-ed last week Are there sensible alternatives? Are there more dangerous alternatives? sws1 5

http://embeddedgurus.com/state-space/2014/02/are-we-shooting-ourselves-in-the-foot-with-stack-overflow/ sws1 6

sws1 7

sws1 8

memory initialisation What will this program print? char b; printf( b is %i.\n, b); // %i to print integer In C memory is not initialised, so b can have any value. Some programming language do provide a default initialisation. Why is that nicer and more secure? programs behave more deterministic; a program with uninitialised variables can behave differently each time it s run, which is not nice esp. when debugging for security: by reading uninitialised memory, a program can read confidential memory contents left there earlier sws1 9

calloc Memory allocated on the heap with malloc is typically not initialised Many OSs will zero out memory for a new process, but recycling of memory within that process means that malloc-ed memory may contain old junk. If OS does not zero out memory for new processes, you can access confidential information left in memory by other processes by malloc-ing large chunks of data! The function calloc will initialise the memory it allocates, to all zeroes downside: this is slower upside: This is good for security and for avoiding accidential i nondeterminism due to missing initialisation in a (buggy) program But, in security-sensitive code,,you may still want to zero out confidential information in memory yourself before you free it sws1 10

Stack vs heap allocation Consider main() {while (true) { f(); } } What is the difference in behaviour for the two versions of f() below? void f(){ int x[300]; x[0]=0; for (int i=1; i<300; i++) {x[i] = x[i-1]+i;} printf( result is %i \n, x[299]); } malloc may fail void f(){ int *x = malloc(300*sizeof(int)); x[0]=0; for (int i=1; i<300; i++) {x[i] = x[i-1]+i;} printf( result is %i \n, x[299]); memory leak! } the memory of x will remain allocated; so main will crash when heap memory runs out sws1 11

Stack vs heap allocation void (f){ } int *x = malloc(300*sizeof(int)); if (x==null) { exit(); } x[0]=0; for (int i=1; i<300; i++) {x[i] = x[i-1]+i;} printf( result is %i \n, x[299]); free(x); // to avoid memory leaks Moral of the story: heap allocation is more work for the programmer sws1 12

Heap problems: memory leaks Memory leaks occur when you forget to use free correctly. Programs with memory leaks will crash if they run for long enough. You may also notice programs running slower over time if they leak memory. Restarting such a program will help, as it will start with a fresh heap sws1 13

More heap problems: dangling g pointers Never use memory after it has been de-allocated int *x = malloc (1000); free (x);... print( Let s use a dangling pointer %s, x); A pointer to memory that has been de-allocated (freed) is called a dangling pointer. When using dangling pointers, all bets are off... sws1 14

More heap problems: using free incorrectly Never free memory that is not dynamically allocated char *x = hello ; free (x); // error, since hello // is statically allocated Never double free char *x = malloc (1000); free (x);... free (x); // error sws1 15

Memory management trouble: spot the bug int *x = malloc (1000); int *y = malloc (2000); y = x; memory leak! we cannot access the 2000 bytes that y pointed to, and we cannot free them! sws1 16

Aliasing spot the bug! Aliasing can make some of these bugs hard to spot int *x = malloc (1000); int *y = malloc (2000); int *z = x; y = x; int *w = y; free (w); free (z); double free! this memory is already de-allocated in the line above Two pointers are called aliases if they both point to the same address Aliasing, i together th with the fact that t malloc and free can happen in different places of the program, make dynamic memory management extremely tricky!! sws1 17

Heap memory management The implementations of malloc and free have to keep track of which parts of heap are still unused. Initially, the free memory is one contiguous region. As more blocks are malloc-ed and freed, it becomes messier free free free free free used initially 1 malloc 4 more malloc s 2 free s 2 more malloc s sws1 18

Heap memory management The implementations of malloc and free have to keep track of which parts of heap are still unused. How would you do this? sws1 19

Example heap management: recording free heap chunks first_free next end next end NULL end Inside each free chunk a pointer to the next free chunk a pointer to the end of the current free chunk Not very efficient: real malloc and free do more admin for efficiency sws1 20

Heap memory management One way is to maintain a free list of all the heap chunks that are unused. This info can be recorded on the heap itself, namely in the unused parts of the heap. You can also maintain meta-information in the used chunks on the heap to help in de-allocation (eg the size of the chunk) NB an attacker can try to corrupt any this data! Padding malloc-ed data to a round number reduces fragmentation. The programmer can make memory management easier and reduce fragmentation by often allocating chunks of data of the same size. Malloc-ed data can not be moved or shifted on the heap, because this will break pointers to that data! sws1 21

garbage g collection In modern programming languages (Java, C#,...), instead of the programmer having to free dynamic memory, there is a garbage collector which automatically frees memory that is no longer used. Advantage: much less error-prone Disadvantage: performance Garbage collection is an expensive operation (it involves analysis of the entire heap), so garbage collection brings some overhead. Moreover, garbage collection may kick in at unexpected moments, temporarily resulting in a very bad response time. Still, there are clever garbage collection schemes suitable for real-time programs. sws1 22

Recap: stack vs heap Stack variables are allocated and de-allocated automatically allocation is much faster than for the heap data on the stack can be used without pointers data needs have to be known at compile time stack space may run out, eg. due to infinite recursions max size of the stack usually fixed by OS when program starts Heap (de)allocation has to be done manually by the programmer; this is highly error-prone! allocation of heap memory slower than for stack memory to access data on the heap, you must use pointers; this is also error-prone! more flexible, and must to be used when data needs are not known at compile time heap space may run out too, but can grow during the life time sws1 23

Lack of memory protection Data is typically not initialised when allocated except static global variables, memory allocated by calloc, and possibly fresh heap memory allocated by malloc the first time it is used Irrespective of whether we store data on the heap or the stack: malicious code, buggy code, and insecure code can access data anywhere on heap or stack, eg by doing pointer arithmetic by overrunning array bounds Buggy or insecure code acting on malicious input supplied by an attacker can be used for malicious purposes. Malicious, buggy or insecure code can be in libraries or in, say, a browser plugin. sws1 24

Sun tarball problem (1993) Every tarball produced on Solaris 2.0 contained fragments of the password file /etc/password. / How did this happen? tar looked up user info directly prior to producing tarball: password file was loaded in memory for this this memory was then released then tar allocated memory for constructing the tarball allocated memory was always the memory just released memory not zeroed out on allocation... Solution: replacing char *buf (char*)malloc(bufsize) by char *buf (char*)calloc(bufsize) 25

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback