Wednesday, March 6, 2013

Memory safety



  • Memory safety 

Memory safety is a concern in software development that aims to avoid software bugs that cause security vulnerabilities dealing with random-access memory (RAM) access, such as buffer overflows and dangling pointers.
Computer languages such as C and C++ that support arbitrary pointer arithmetic, casting, and deallocation are typically not memory safe

Types of memory errors
    Buffer overflow - Out-of bound writes can corrupt the content of adjacent objects, or internal data like bookkeeping information for the heap or return addresses.
    Dynamic memory errors - Incorrect management of dynamic memory and pointers:
        Dangling pointer - A pointer storing the address of an object that has been deleted.
        Double frees - Repeated call to free though the object has been already freed can cause freelist-based allocators to fail.
        Invalid Free - Passing an invalid address to free can corrupt the heap. Or sometimes will lead to an undefined behavior.
        Null pointer accesses will cause an exception or program termination in most environments, but can cause corruption in operating system kernels or systems without memory protection, or when use of the null pointer involves a large or negative offset.
    Uninitialized variables - A variable that has not been assigned a value is used. It may contain an undesired or, in some languages, a corrupt value.
        Wild pointers arise when a pointer is used prior to initialization to some known state. They show the same erratic behaviour as dangling pointers, though they are less likely to stay undetected.
    Out of memory errors:
        Stack overflow - Occurs when a program runs out of stack space, typically because of too deep recursion.
        Allocation failures - The program tries to use more memory than the amount available. In some languages, this condition must be checked for manually after each allocation.

Buffer overflow
A buffer is a temporary data storage area. Buffer overflow is the most common way for an attacker outside the system to gain unauthorized access to the target system. A buffer overflow occurs when a program tries to store more data in a buffer than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information can overflow into adjacent buffers, corrupting or overwriting the valid data held in them.It allows attacker to interfere into the existing process code. Attacker uses buffer or stack overflow to do following,

    Overflow the input field, command line space or input buffer.
    Overwrite the current return address on the stack with the address of the attacking code.
    write a simple code that attacker wishes to execute.

http://en.wikipedia.org/wiki/Memory_safety

Type safety

  • Type safety

In computer science, type safety is the extent to which a programming language discourages or prevents type errors.
A type error is erroneous or undesirable program behaviour caused by a discrepancy between differing data types for the program's constants, variables, and methods (functions), e.g., treating an integer (int) as a floating-point number (float).
some languages have type-safe facilities that can be circumvented by programmers who adopt practices that exhibit poor type safety

Type enforcement can be static, catching potential errors at compile time, or dynamic, associating type information with values at run-time and consulting them as needed to detect imminent errors, or a combination of both.

Type safety is closely linked to memory safety, a restriction on the ability to copy arbitrary bit patterns from one memory location to another. For instance, in an implementation of a language that has some type t, such that some sequence of bits (of the appropriate length) does not represent a legitimate member of t, if that language allows data to be copied into a variable of type t, then it is not type-safe because such an operation might assign a non-t value to that variable.

Conversely, if the language is type-unsafe to the extent of allowing an arbitrary integer to be used as a pointer, then it is clearly not memory-safe.

Type-safe code accesses only the memory locations it is authorized to access
(For this discussion, type safety specifically refers to memory type safety and should not be confused with type safety in a broader respect.)
For example, type-safe code cannot read values from another object's private fields.


Type safety is ultimately aimed at excluding other problems
Prevention of illegal operations. For example, we can identify an expression 3 / "Hello, World" as invalid, because the rules of arithmetic do not specify how to divide an integer by a string.
Memory safety
    Wild pointers can arise when a pointer to one type object is treated as a pointer to another type. For instance, the size of an object depends on the type, so if a pointer is incremented under the wrong credentials, it will end up pointing at some random area of memory.
Buffer overflow - Out-of bound writes can corrupt the contents of objects already present on the heap. This can occur when a larger object of one type is crudely copied into smaller object of another type.
Logic errors originating in the semantics of different types. For instance, inches and millimeters may both be stored as integers, but should not be substituted for each other or added. A type system can enforce two different types of integer for them.


#include <iostream>
using namespace std;

int main()
{
    int ival = 5;                   // A four-byte integer (on most processors)
    void *pval = &ival;             // Store the address of ival in an untyped pointer
    double dval = *((double*)pval); // Convert it to a double pointer and get the value at that address
    cout << dval << endl;           // Output the double (this will be garbage and not 5!)
    return 0;
}

/*
Even though pval does contain the correct address of ival,
when pval is cast from a void pointer to a double pointer the resulting double value is not 5,
but an undefined garbage value. On the machine code level,
this program has explicitly prevented the processor from performing the correct conversion from a four-byte integer to an eight-byte floating-point value.
When the program is run it will output a garbage floating-point value and possibly raise a memory exception.
Thus, C++ (and C) allow type-unsafe code.
*/

http://en.wikipedia.org/wiki/Type_safety





  • Type safety means that the compiler will validate types while compiling, and throw an error if you try to assign the wrong type to a variable.


Some simple examples:
// Fails, Trying to put an integer in a string
String one = 1;
// Also fails.
int foo = "bar";


This also applies to method arguments, since you are passing explicit types to them:
int AddTwoNumbers(int a, int b)
{
    return a + b;
}

If I tried to call that using: The compiler would throw an error, because I am passing a string ("5"), and it is expecting an integer.
int Sum = AddTwoNumbers(5, "5");



In a loosely typed language, such as javascript
function AddTwoNumbers(a, b)
{
    return a + b;
}
Sum = AddTwoNumbers(5, "5");
Javascript automaticly converts the 5 to a string, and returns "55".
This is due to javascript using the + sign for string concatenation
To make it type-aware, you would need to do something like:

function AddTwoNumbers(a, b)
{
    return Number(a) + Number(b);
}

Or, possibly:

function AddOnlyTwoNumbers(a, b)
{
    if (isNaN(a) || isNaN(b))
        return false;
    return Number(a) + Number(b);
}


http://stackoverflow.com/questions/260626/what-is-type-safe


So What is hiberfil.sys Anyway?



  • So What is hiberfil.sys Anyway?

Windows has two power management modes that you can choose from: one is Sleep Mode,The other is Hibernate mode, which completely writes the memory out to the hard drive, and then powers the PC down entirely, so you can even take the battery out, put it back in, start back up, and be right back where you were.
Hibernate mode uses the hiberfil.sys file to store the the current state (memory) of the PC,
http://www.howtogeek.com/howto/15140/what-is-hiberfil.sys-and-how-do-i-delete-it/

why does array index start from zero?



  • why does array index start from zero?

To use a data item, you must calculate its correct address


Why do indexes of arrays start with zero?
The first location of an array is addressed by the pointer to the array.
Subsequent locations in the array are indicated by an offset from that pointer.
http://www.linkedin.com/groupItem?view=&gid=70526&type=member&item=218956807&commentID=123192360&report.success=8ULbKyXO6NDvmoK7o030UNOYGZKrvdhBhypZ_w8EpQrrQI-BBjkmxwkEOwBjLE28YyDIxcyEO7_TA_giuRN#commentID_123192360



  • Here's some C code to explain the offsets a little better:

Code:

int array[3];

int* parray = &array;

int val0 = *(parray + 0);   // 1st element (note the +0 is not required)
int val1 = *(parray + 1);   // 2nd element
int val2 = *(parray + 2);   // 3rd element

http://ubuntuforums.org/showthread.php?t=1275797


  • Zero-based numbering

Advantages
One advantage of this convention is in the use of modular arithmetic as implemented in modern computers. Usually, the modulo function maps any integer modulo N to one of the numbers 0, 1, 2, ..., N - 1, where N = 1. Because of this, many formulas in algorithms (such as that for calculating hash table indices) can be elegantly expressed in code using the modulo operation when array indices start at zero.

A second advantage of zero-based array indexes is that this can improve efficiency under certain circumstances. To illustrate, suppose a is the memory address of the first element of an array, and i is the index of the desired element. In this fairly typical scenario, it is quite common to want the address of the desired element. If the index numbers count from 1, the desired address is computed by this expression:

    a + s × (i - 1)

where s is the size of each element. In contrast, if the index numbers count from 0, the expression becomes this:

    a + s × i

This simpler expression can be more efficient to compute in certain situations.

A third advantage is that ranges are more elegantly expressed as the half-open interval, [0,n), as opposed to the closed interval, [1,n], because empty ranges often occur as input to algorithms (which would be tricky to express with the closed interval without resorting to obtuse conventions like [1,0])

http://en.wikipedia.org/wiki/Zero-based_numbering




  • It starts at 0 because the index value tells the computer how far it needs to move away from the starting point in the array.

if you use an array (without giving an index number in brackets), you are really only referring to the memory address of the starting point of the array
When you reference a specific value in the array, you are telling the programming language to start at the memory address of the beginning of the array and then move up the memory address as needed
lets say a program allocates space in the memory between address numbers 1024 and 2048 and it starts at 1024 and each item in the array is 8 bytes long
arrayName[0] is the same as telling it to look at the data stored at the memory address of (1024 + (0 * 8)), or 1024
If you want the value stored at arrayName[1], then it looks at the value held at (1024 + (1*8)), which is 1032
If you wanted the value held at arrayName[10], then it would look at the data stored in the memory address of 1024 + (10 * 8), which is 1104.
http://answers.yahoo.com/question/index?qid=20090528223815AACZDDY



  • The discussion over why the array index should start at zero is not a trivial one and relates to interesting concepts from computer science. 

First of all, it has strong relation to language design. For example in C, the name of an array is essentially a pointer, a reference to a memory location, and so the expression array[n] refers to a memory location n-elements away from the starting element.
This means that the index is used as an offset.
The first element of the array is exactly contained in the memory location that array refers (0 elements away), so it should be denoted as array[0]
http://developeronline.blogspot.com/2008/04/why-array-index-should-start-from-0.html