Chapter 2: Representing and manipulating information

Source: Internet
Author: User

Constant such as 12345 or 0x1A2B, the value is considered signed. Adding character 'U' or 'U' as a suffix creates an unsigned constant, e.g., 12345U or 0x1A2Bu.
When printing numeric values with printf, the directives % d, % u, and % x are used to print a number as a signed decimal, an unsigned decimal, and in hexadecimal format, respectively. note that printf does not make use of any type information, and so it is possible to print a value of type int with directive % u and
A value of type unsigned with directive % d. For example, consider the following code:

Int x =-1;
Unsigned u = 2147483648;/* 2 to the 31st */

Printf ("x = % u = % d \ n", x, x );
Printf ("u = % d \ n", u, u );
When run on a 32-bit machine, it prints the following:
X = 4294967295 =-1
U = 2147483648 =-2147483648

A negative value of maxlen. Then the minimum computation on line 16 will compute this value for len,
Which will then be passed as the parameter n to memcpy. Note, however, that parameter n is declared
Having data type size_t. this data type is declared (via typedef) in the library file stdio. h. typically it is defined to be unsigned int on 32-bit machines. since argument n is unsigned, memcpy will treat it as a very large, positive number and attempt to copy that bytes from the kernel region to the user's buffer. copying that bytes (at least 231) will not actually work, because the program will encounter invalid addresses in the process, but the program cocould read regions of the kernel memory for which it is not authorized.

We can see that this problem arises due to the mismatch between data types: in one place
Length parameter is signed; in another place it is unsigned. Such mismatches can be a source of bugs
And, as this example shows, can even lead to security vulnerabilities. fortunately, there were no reported cases where a programmer had exploited the vulnerability in FreeBSD. they issued a security advisory, "FreeBSD-SA-02: 38. signed-error, "advising system administrators on how to apply a patch that wocould remove the vulnerability. the bug can be fixed by declaring parameter maxlen to copy_from_kernel
To be of type size_t, to be consistent with parameter n of memcpy. We shoshould also declare local variable len and the return value to be of type size_t.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.