C lost pointer

In the field of computer programming,Lost pointer, OrFloating pointer,Wild pointerIs a pointer that does not point to any valid object.

When the object to which the pointer is directed is released or withdrawn, but the pointer is not modified, the pointer still points to the recycled memory address, in this case, the pointer is called a lost pointer. If the operating system re-allocates the released memory to another process, and the original program re-references the lost pointer, unexpected consequences will occur. At this time, the memory pointed to by the lost pointer now contains completely different data. Generally, if the original program continues to write data to the memory address pointed by the lost pointer, the data unrelated to the original program will be damaged, leading to unexpected program errors. This type of program error is difficult to find the cause of the problem. It usually leads to segment errors (in Linux) and general protection errors (in Windows ). If the memory distributor of the operating system distributes the covered data areas, the system stability may be affected.

Some programming languages allow the existence of Uninitialized pointers, and such pointers are wild pointers. Errors Caused by the wild pointer are very similar to those caused by the lost pointer, but the problem of the wild pointer is more likely to be discovered.

Address:Http://www.cnblogs.com/archimedes/p/wild-pointer.html, Reprinted, please specify the source address.

Causes of lost pointers

In many programming languages (such as the C language), deleting an object from the memory or deleting the stack frame at the return time does not change the related pointer value. The pointer still points to the original memory address. Even if the reference has been deleted, it may be used by other processes now.

A direct example is as follows:

{   char *cp = NULL;   /* ... */   {       char c;       cp = &c;   } /* c falls out of scope */               /* cp is now a dangling pointer */}

The solution to the above problem is to assign 0 (null) to CP immediately before the program exits ). Another way is to ensure that the CP will not be used before initialization.

Lost pointers are often used in hybrid scenarios.Malloc ()AndFree ()Library call: When the pointer to the memory is released, the pointer is lost. As in the previous example, a way to avoid this error is to reset the pointer value to null after releasing its reference, as shown below:

# Include <stdlib. h> {char * CP = malloc (a_const );/*... */free (CP);/* CP is now a floating pointer */CP = NULL;/* CP is not suspended now *//*... */}

A common error is that when the address of a stack-based local variable is returned, the space allocated to these variables will be recycled once the called function returns, in this case, they have "junk values ".

int * func ( void ){    int num = 1234;    /* ... */    return #}

Before callingFuncLater, if you try to read the num value from the pointer, the correct value (1234) may still be returned, but any subsequent function call will overwrite the original StackNumThe allocated space. In this case, it is incorrect to read the num value from the pointer. If you wantNumTo return the correct num value, you must declare the variableStatic.

Generation of wild pointers

A wild pointer refers to a pointer that has not been initialized. Strictly speaking, each pointer in a programming language is a wild pointer before initialization.

Generally, a pointer is used before initialization. Most compilers can detect this problem and warn users.

Int F (int I) {char * CP; // CP is a wild pointer static char * SCP; // SCP is not a wild pointer, static variables are automatically initialized to 0 and their values are retained // This feature may be considered bad programming style}

Security vulnerabilities caused by lost pointers

As with cache overflow errors, errors such as lost pointers and wild pointers often result in security vulnerabilities. For example, if a pointer is used to call a virtual function, because the vtable pointer is overwritten, it may access a different address (pointing to the exploited code ). Or, if the pointer is used to write data into the memory, other data structures may be damaged. Once the pointer becomes a lost pointer, even if the memory is read-only, it will still cause information leakage (if the data you are interested in is placed in the next data structure, it will be allocated in the memory) or increase access permissions (if the memory is not available now, it is used for security detection ).

Avoid misrouting pointer errors

To avoid the confusion pointer, there is a popular method-the use of smart pointers ). Smart pointers use reference count to recycle objects. Some other technologies include the tombstone method and the locks-and-keys method.

In addition, you can use the diehard memory distributor, which virtually eliminates errors similar to other memory errors (invalid or twice released memory.

Another method is the shell garbage collector, a conservative method for garbage collection, which can replace the standard memory allocation functions in C and C ++. This method completely eliminates the error of the lost pointer and recycles the object by removing the memory-released function.

Errors such as the lost pointer in Java do not occur, Because Java does not explicitly re-allocate the memory. In addition, the garbage collector will only re-allocate the memory when the object reference number is zero.

Stray pointer Detection

To discover the lost pointer, a common programming technology-once the memory space pointed to by the pointer is released, the pointer is immediately set to a null pointer or an invalid address. When a null pointer is re-referenced, the program will immediately stop, which will avoid data corruption or unexpected consequences. This will make the Errors generated in the subsequent programming process easy to discover and solve. This technology cannot play its due role when the pointer has multiple copies.

Some debuggers automatically overwrite the released data in a specific mode, such0xDEADBEEF(Microsoft's Visual C/C ++ debugger, for example, depending on which type is released using0xCC,0xCDOr0xDD). This method prevents released data from being reused by making the data useless. The role of this method is very significant (this mode can help the program to distinguish which memory is just released ).

Some tools, such as valgrind, Mudflap, or llvm, can be used to detect the use of lost pointers.

 

C lost pointer