Demo sample and analysis of memory corruption problem

Source: Internet
Author: User

The original article uses sample code to illustrate three kinds of memory corruption: global memory corruption, stack corruption, and heap corruption, and explains why each one happens.

A rough summary follows.


Global Memory Corruption

That is, the memory belonging to global variables is accessed incorrectly, most often out of bounds.

For example, the following code:

    #include <stdio.h>

    #define MAX 6

    int arrdata[MAX];
    int endval;

    int main(void)
    {
        int i = 0;

        endval = 12;   /* start value; 12 is what yields the output shown below */
        /* i starts at MAX, one element past the end of arrdata */
        for (i = MAX; (endval) && (i >= 0); i--, endval--)
        {
            arrdata[i] = endval * endval;
        }
        printf("Values are \n");
        for (i = 0; i < MAX; i++)
        {
            printf("\t%d\n", arrdata[i]);
        }
        return 0;
    }


Compiling and running it gives:

    Values are
        19044
        19321
        19600
        19881
        20164
        20449


Walking through the code, you can see that the initial value of i in the first loop is MAX, when it should be MAX-1.

It is this out-of-bounds write that overwrote the value of endval.

The two global variables are neighbors in memory (output on my Mac OS):

    (gdb) p &endval
    $2 = (int *) 0x100001038
    (gdb) p &arrdata
    $3 = (int (*)[6]) 0x100001020


So the assignment to arrdata[MAX] is actually an assignment to endval.
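The overwrite can be replayed without undefined behaviour by modelling the layout gdb reported. This is an added example, not code from the original article: one array of MAX + 1 ints stands in for both globals, and it assumes a start value of 12, the value consistent with the output shown above. The names mem, ARRDATA, ENDVAL and run_loop are made up for the illustration.

```c
#include <stdio.h>

#define MAX 6

/* Model of the reported layout: arrdata at ...1020, endval at ...1038,
   so endval sits exactly MAX * sizeof(int) = 24 bytes after arrdata[0].
   One array of MAX + 1 ints reproduces that adjacency with defined behaviour. */
static int mem[MAX + 1];
#define ARRDATA(i) mem[(i)]
#define ENDVAL     mem[MAX]

/* Run the article's first loop from index `first` with endval = start.
   Returns the value left in endval when the loop ends. */
int run_loop(int first, int start)
{
    ENDVAL = start;
    for (int i = first; ENDVAL && i >= 0; i--, ENDVAL--)
        ARRDATA(i) = ENDVAL * ENDVAL;   /* i == MAX writes endval itself */
    return ENDVAL;
}

static void dump(const char *label, int endval_after)
{
    printf("%s (endval ends at %d)\n", label, endval_after);
    for (int i = 0; i < MAX; i++)
        printf("\t%d\n", ARRDATA(i));
}

int main(void)
{
    /* Buggy start index: the first store turns endval from 12 into 144. */
    dump("start at MAX", run_loop(MAX, 12));
    /* Corrected start index: endval simply counts down from 12. */
    dump("start at MAX - 1", run_loop(MAX - 1, 12));
    return 0;
}
```

The first run prints the six values from the article; the second prints 49 through 144, the squares of 7 to 12.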


This kind of corruption comes about in two ways:

    • An array index goes out of bounds, either past the end or below the start (negative values).
    • A wrong address is accessed through a pointer.


Stack Corruption

On *nix systems, the stack is used to store local variables, function parameters, and return values. Stack corruption often leads to unpredictable behavior and crashes.


There are two cases of stack corruption:

    • Out-of-bounds memory operations.
    • Stack overflow.


Memory Out of Bounds

The out-of-bounds case is similar to the previous one, except that it happens to data stored on the stack. For example, the following code:

    #include <stdio.h>
    #include <string.h>

    #define LEN 6

    void cpyprint(char *str)
    {
        char abuf[LEN];

        /* no length check: copies strlen(str) + 1 bytes into a 6-byte buffer */
        strcpy(abuf, str);
        printf("String is %s\n", abuf);
    }

    int main(void)
    {
        char *astr = "MyLinux";

        cpyprint(astr);
        return 0;
    }


Compiled and run, it crashes.

These are the results on my Mac OS:

    (gdb) r
    Starting program: /volumes/development/project/testing/stackcorrupt
    Reading symbols for shared libraries + ..... done
    Program received signal SIGABRT, Aborted.
    0x00007fff88815d46 in __kill ()
    (gdb) bt
    #0  0x00007fff88815d46 in __kill ()
    #1  0x00007fff8602d053 in __abort ()
    #2  0x00007fff85fee74d in __chk_fail ()
    #3  0x00007fff85feea1f in __strcpy_chk ()
    #4  0x0000000100000ea6 in cpyprint (str=0x100000f3e "MyLinux") at stackcorrupt.c:8
    #5  0x0000000100000ef3 in main () at stackcorrupt.c:17


The reason is that the local buffer in the cpyprint function has a size of 6, but 8 characters (including the terminator) are copied into it.
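In the backtrace above the abort comes from __strcpy_chk, the checked variant of strcpy, which caught the oversized copy at run time. The same length check can be made explicit in the code. This is an added example, not part of the original article; cpyprint_checked and copy_truncated are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

#define LEN 6

/* Copy str into a LEN-byte stack buffer only if it fits, terminator included.
   Returns 0 on success, -1 if the string needs more than LEN bytes. */
int cpyprint_checked(const char *str)
{
    char abuf[LEN];
    size_t need = strlen(str) + 1;      /* characters plus '\0' */

    if (need > sizeof abuf) {
        fprintf(stderr, "rejected: %zu bytes needed, %zu available\n",
                need, sizeof abuf);
        return -1;
    }
    memcpy(abuf, str, need);
    printf("String is %s\n", abuf);
    return 0;
}

/* Truncating alternative: dst is always terminated, and the return value
   is the number of characters of src that did not fit (0 = complete copy). */
size_t copy_truncated(char *dst, size_t dstlen, const char *src)
{
    size_t srclen = strlen(src);

    if (dstlen == 0)
        return srclen;
    snprintf(dst, dstlen, "%s", src);   /* at most dstlen - 1 chars + '\0' */
    return srclen >= dstlen ? srclen - (dstlen - 1) : 0;
}

int main(void)
{
    char buf[LEN];

    cpyprint_checked("MyLinux");        /* 8 bytes needed: rejected */
    cpyprint_checked("Linux");          /* 6 bytes needed: fits exactly */
    printf("dropped %zu, kept \"%s\"\n",
           copy_truncated(buf, sizeof buf, "MyLinux"), buf);
    return 0;
}
```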


Stack Overflow

The following sample code demonstrates the stack overflow problem:

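    #include <stdio.h>

    int recur(long int var)
    {
        if (var > 0)
        {
            /* post-decrement: the callee receives the old value of var */
            recur(var--);
        }
        printf("The var is %ld\n", var);
        return var;
    }

    int main(void)
    {
        /* placeholder argument: any positive value recurses without end */
        recur(1);
        return 0;
    }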


When does this code crash? That depends on the stack size limit of the running system, which can be checked directly with the following command:

    $ ulimit -s

By default, it will be 8192 (Kbytes).
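The stack limit only decides how soon the sample crashes; the recursion itself never ends, because recur(var--) hands the callee the old value of var. This is an added example, not from the original article: it reads the limit that ulimit -s prints and runs the recursion under a depth cap. The functions stack_limit_kbytes and recur_capped and the cap of 1000 are assumptions made for the illustration.

```c
#include <stdio.h>
#include <sys/resource.h>

/* Soft stack limit in kbytes, the figure `ulimit -s` prints.
   Returns 0 when the limit is unlimited, -1 if it cannot be read. */
long long stack_limit_kbytes(void)
{
    struct rlimit rl;

    if (getrlimit(RLIMIT_STACK, &rl) != 0)
        return -1;
    if (rl.rlim_cur == RLIM_INFINITY)
        return 0;
    return (long long)(rl.rlim_cur / 1024);
}

/* The article's recursion with a depth cap. use_postdec = 1 keeps the
   original call recur(var--); 0 passes var - 1 instead.
   Returns the depth at which var reached 0, or -1 if the cap was hit first. */
long recur_capped(long var, int use_postdec, long depth, long max_depth)
{
    if (depth >= max_depth)
        return -1;
    if (var > 0) {
        /* var-- evaluates to the OLD value, so the callee sees the same var */
        long next = use_postdec ? var-- : var - 1;
        return recur_capped(next, use_postdec, depth + 1, max_depth);
    }
    return depth;
}

int main(void)
{
    printf("stack limit: %lld kbytes\n", stack_limit_kbytes());
    printf("recur(var--)    from 5: %ld\n", recur_capped(5, 1, 0, 1000));
    printf("recur(var - 1)  from 5: %ld\n", recur_capped(5, 0, 0, 1000));
    return 0;
}
```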


Heap Corruption


When heap corruption occurs, the program reports the infamous segmentation fault error. There are three kinds of causes:

    • An attempt is made to write data to memory that has already been freed.
    • Out-of-bounds operations (which are indeed the most common cause).
    • An attempt is made to write data to memory that has not been allocated.


Here is a demo sample:

    #include <stdio.h>
    #include <stdlib.h>

    int main(void)
    {
        int *pData = NULL;
        int num = 10;   /* placeholder element count */

        pData = (int*) malloc(num * sizeof(int));
        /* ... do stuff with the memory */
        free(pData);

        pData[0] = -1;   /* write to memory that has already been freed */

        pData = (int*) malloc(num * sizeof(int));
        /* ... do stuff with the memory */
        free(pData);
        return 0;
    }
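All three causes listed above can be turned into ordinary error returns by keeping the length next to the pointer and clearing the pointer on free. This is an added example, not from the original article; struct ibuf, its functions and replay are hypothetical names, and replay walks the sample's malloc, free, write sequence through the wrapper.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical wrapper: a heap buffer that carries its own length. */
struct ibuf { int *data; size_t len; };

/* Allocate n zeroed ints. Returns 0 on success, -1 on failure. */
int ibuf_alloc(struct ibuf *b, size_t n)
{
    b->data = calloc(n, sizeof *b->data);
    b->len = b->data ? n : 0;
    return b->data ? 0 : -1;
}

/* Free and clear, so the buffer is visibly dead and a second release is a no-op. */
void ibuf_release(struct ibuf *b)
{
    free(b->data);
    b->data = NULL;
    b->len = 0;
}

/* Returns -1 for an unallocated or released buffer or a bad index, else 0. */
int ibuf_set(struct ibuf *b, size_t idx, int value)
{
    if (b->data == NULL || idx >= b->len)
        return -1;
    b->data[idx] = value;
    return 0;
}

/* Replays the article's sequence through the wrapper.
   Returns how many writes were rejected, or -1 if allocation failed. */
int replay(size_t num)
{
    struct ibuf b = { NULL, 0 };
    int rejected = 0;
    rejected += ibuf_set(&b, 0, 1) != 0;     /* memory never allocated */
    if (ibuf_alloc(&b, num) != 0)
        return -1;
    rejected += ibuf_set(&b, num, 2) != 0;   /* one past the end */
    rejected += ibuf_set(&b, 0, 3) != 0;     /* valid write */
    ibuf_release(&b);
    rejected += ibuf_set(&b, 0, -1) != 0;    /* pData[0] = -1 after free */
    ibuf_release(&b);                        /* double release is harmless */
    return rejected;
}

int main(void) { printf("rejected writes: %d\n", replay(10)); return 0; }
```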


For troubleshooting memory problems, the tool of choice is naturally valgrind, which needs little introduction.


Original link: http://mylinuxbook.com/memory-corruption-in-linux-programming/

