All geek questions in one place

What level is the null pointer on the computer?

A raw computer basically just has memory with physical addresses starting with 0, right? Then someone could write assembly code (e.g. BIOS) and actually set the value to 0.

Now, if there is a BIOS that starts the computer, someone can write a bootloader for the operating system. Can this person decide to move the actual values ​​to position 0 in memory in assembly language?

What if they use C or C ++? Can they have a pointer with a value of 0 and use it to access the first memory cell? Does this require a specially adapted compiler?

And then the operating system enters the scene. It has a memory manager that malloc calls to get more memory. An operating system can be written that can simply use null pointers as regular pointers, but otherwise behaves exactly like Linux, and then, if someone compiles a C program with a normal, unmodified GCC for it, a null pointer won't cause segmentation fault?

+4
source share
4 answers

A null pointer in C and similar languages ​​is just a convention that makes it easy to check for an indication that the pointer does not point to anything valid. There is nothing on the computer that would physically stop anything from storing data in memory location 0. In fact, the C standard does not even state that a null pointer must have all bits zero or correspond to memory location 0 that you get from (void *)0 .

malloc , and similar functions cannot return a null pointer as a valid memory location, because returning a null pointer is specifically defined to indicate a failure.

Now, in order to support this extremely common use of the null pointer in C, some operating systems do not specifically display or otherwise set a trap for the memory cell corresponding to the null pointer, so any random accesses immediately increase the segmentation violation or whatever. Of course, there are operating systems that do not.

+2
source

While the NULL pointer is represented as 0 in the C source code, there is no requirement that the base bit pattern is actually 0. It just needs to be distinguished from non-NULL pointers. There are examples of architectures where it is not zero under covers.

This is the C implementation itself, which defines what NULL is.

You should also understand that modern operating systems (as well as those that make virtual memory) have a gap between the virtual address space of the process and the underlying physical memory.

+2
source

Read this Why is a Linux program that resolves (char *) 0 not always segfault? at least half your answer :-) And this is http://wiki.debian.org/mmap_min_addr The first part, about vulnerabilities, where possible, until the "fix" mmap_min_addr. And this http://eparis.livejournal.com/606.html with a story about this vulnerability.

So, yes, you can map the page to address 0 and put the code there. Your system will be weaker than errors in programs, but "perfect" programs will work the same way as before. As for the question "what happens if the program gets access to segment 0" ... Well ... Whatever you want ...

But I think you do not exactly understand how the protected memory of "modern" processors works. Each process can see a different block of memory associated with the address, and some processes can β€œwrite” to this page, and some can only β€œread” (and some can be executed).

+2
source

Linux (or any "normal" processes and virtual memory OS) leaves the smallest addresses unchanged, in particular to detect errors with a null pointer. consider the following example:

 #include <unistd.h> #include <sys/mman.h> int main() { char *p = mmap(0,4096,PROT_READ|PROT_WRITE,MAP_ANONYMOUS|MAP_SHARED|MAP_FIXED,-1,0); if (p == MAP_FAILED) return 1; p[0] = 'x'; p[1] = '\n'; write(1,0,2); return 0; }

this works on pre-selinux systems (prints "x"), although on my desktop with selinux disabled, it only works as root, not a regular user. but the fact is that you, as a rule, control everything in your virtual address space. if you really want to put something at 0, you can, although you may encounter, for example, code that refuses to process a string at 0.

+1
source

Source: https://habr.com/ru/post/1343444/

More articles:


All Articles