secure c programming memory management
play

Secure C Programming: Memory Management Lucas Cordeiro Department - PowerPoint PPT Presentation

Dec 26, 2023 •177 likes •1.63k views

Systems and Software Verification Laboratory Secure C Programming: Memory Management Lucas Cordeiro Department of Computer Science lucas.cordeiro@manchester.ac.uk Secure C Programming Lucas Cordeiro (Formal Methods Group)

  1. Self-referential structures • Self-referential structures § Structure that contains a pointer to a structure of the same type § Terminated with a NULL pointer ( 0 ) typedef struct node { int data; struct node *nextPtr; } nodet;

  2. Self-referential structures • Self-referential structures § Structure that contains a pointer to a structure of the same type § Terminated with a NULL pointer ( 0 ) typedef struct node { Not setting the link in the last int data; node of a list to NULL can struct node *nextPtr; lead to runtime errors } nodet; § nextPtr o Points to an object of type node o Referred to as a link o Ties one node to another node

  3. Self-referential structures • Self-referential structures § Structure that contains a pointer to a structure of the same type § Terminated with a NULL pointer ( 0 ) typedef struct node { Not setting the link in the last int data; node of a list to NULL can struct node *nextPtr; lead to runtime errors } nodet; § nextPtr o Points to an object of type node o Referred to as a link o Ties one node to another node § Can be linked together to form useful data structures such as lists , queues , stacks and trees

  4. Dynamic memory allocation • Dynamic memory allocation § Obtain and release memory during execution

  5. Dynamic memory allocation • Dynamic memory allocation § Obtain and release memory during execution • malloc malloc § Takes number of bytes to allocate o Use sizeof sizeof to determine the size of an object § Returns pointer of type void * void * o A void * void * pointer may be assigned to any pointer o If no memory available, returns NULL NULL § Example: nodet nodet * *newPtr newPtr = ( = (nodet nodet *) *)malloc malloc(sizeof sizeof(nodet nodet)); ));

  6. Dynamic memory allocation • Dynamic memory allocation § Obtain and release memory during execution • malloc malloc § Takes number of bytes to allocate o Use sizeof sizeof to determine the size of an object § Returns pointer of type void * void * o A void * void * pointer may be assigned to any pointer o If no memory available, returns NULL NULL § Example: nodet nodet * *newPtr newPtr = ( = (nodet nodet *) *)malloc malloc(sizeof sizeof(nodet nodet)); )); • free free § Always deallocates memory allocated by malloc malloc to avoid memory leak § Takes a pointer as an argument o free ( free (newPtr newPtr); );

  7. Dynamic memory allocation Two self-referential structures linked together 15 10 int main() { // allocates memory nodet *node1 = (nodet *)malloc(sizeof(nodet)); nodet *node2 = (nodet *)malloc(sizeof(nodet)); node1->data = 15; node2->data = 10; // link node1 to node2 node1->nextPtr = node2; node2->nextPtr = NULL; // Deallocates memory allocated by malloc free(node1); free(node2); return 0; }

  8. Dynamic memory allocation Two self-referential structures linked together 15 10 int main() { // allocates memory nodet *node1 = (nodet *)malloc(sizeof(nodet)); nodet *node2 = (nodet *)malloc(sizeof(nodet)); node1->data = 15; node2->data = 10; If there exists no memory // link node1 to node2 available, then malloc node1->nextPtr = node2; returns NULL node2->nextPtr = NULL; // Deallocates memory allocated by malloc free(node1); free(node2); return 0; }

  9. Linked lists properties • Linked list § Linear collection of self-referential class objects, called nodes 15 5 10

  10. Linked lists properties • Linked list § Linear collection of self-referential class objects, called nodes § Connected by pointer links 15 5 10

  11. Linked lists properties • Linked list § Linear collection of self-referential class objects, called nodes § Connected by pointer links § Accessed via a pointer to the first node of the list head 15 5 10

  12. Linked lists properties • Linked list § Linear collection of self-referential class objects, called nodes § Connected by pointer links § Accessed via a pointer to the first node of the list § Subsequent nodes are accessed via the link-pointer member of the current node head currentPtr 15 5 10

  13. Linked lists properties • Linked list § Linear collection of self-referential class objects, called nodes § Connected by pointer links § Accessed via a pointer to the first node of the list § Subsequent nodes are accessed via the link-pointer member of the current node § Link pointer in the last node is set to NULL to mark the list ’ s end head currentPtr 15 5 10

  14. Linked lists properties • Linked list § Linear collection of self-referential class objects, called nodes § Connected by pointer links § Accessed via a pointer to the first node of the list § Subsequent nodes are accessed via the link-pointer member of the current node § Link pointer in the last node is set to NULL to mark the list ’ s end • Use a linked list instead of an array when § You have an unpredictable number of elements § Your list needs to be sorted quickly

  15. Linked lists properties • Linked lists are dynamic , so the length of a list can increase or decrease as necessary

  16. Linked lists properties • Linked lists are dynamic , so the length of a list can increase or decrease as necessary • Can we change the array size after compiling the program? What are the problems here?

  17. Linked lists properties • Linked lists are dynamic , so the length of a list can increase or decrease as necessary • Can we change the array size after compiling the program? What are the problems here? § Arrays can become full o An array can be declared to contain more elements than the number of data items expected, but this can waste memory

  18. Linked lists properties • Linked lists are dynamic , so the length of a list can increase or decrease as necessary • Can we change the array size after compiling the program? What are the problems here? § Arrays can become full o An array can be declared to contain more elements than the number of data items expected, but this can waste memory • Linked lists become full only when the system has insufficient memory to satisfy dynamic storage allocation requests § It can provide better memory utilization

  19. Linked lists properties • Linked-list nodes usually are not stored contiguously in memory

  20. Linked lists properties • Linked-list nodes usually are not stored contiguously in memory § How are arrays stored in memory? What would be the advantage here?

  21. Linked lists properties • Linked-list nodes usually are not stored contiguously in memory § How are arrays stored in memory? What would be the advantage here? o This allows immediate access since the address of any element can be calculated directly based on its position relative to the beginning of the array ✽ Linked lists do not afford such immediate access

  22. Linked lists properties • Linked-list nodes usually are not stored contiguously in memory § How are arrays stored in memory? What would be the advantage here? o This allows immediate access since the address of any element can be calculated directly based on its position relative to the beginning of the array ✽ Linked lists do not afford such immediate access • Logically, however, the nodes of a linked list appear to be contiguous § Pointers take up space; dynamic memory allocation incurs the overhead of function calls

  23. A graphical representation of a linked list startPtr 15 10 18 … int main() { … // link the nodes startPtr = node1; node1->nextPtr = node2; node2->nextPtr = node3; node3->nextPtr = NULL; … return 0; }

  24. A graphical representation of a linked list startPtr 15 10 18 … int main() { Pointers should be initialised … before they’re used // link the nodes startPtr = node1; node1->nextPtr = node2; node2->nextPtr = node3; node3->nextPtr = NULL; … return 0; }

  25. A graphical representation of a linked list startPtr 15 10 18 … int main() { Pointers should be initialised … before they’re used // link the nodes startPtr = node1; A structure’s size is not node1->nextPtr = node2; necessarily the sum of the size node2->nextPtr = node3; node3->nextPtr = NULL; of its members (machine- … dependent boundary return 0; alignment) }

  26. Error prevention when using linked lists • If dynamically allocated memory is no longer needed, use free free to return it to the system § Why must we set that pointer to NULL?

  27. Error prevention when using linked lists • If dynamically allocated memory is no longer needed, use free free to return it to the system § Why must we set that pointer to NULL? o eliminate the possibility that the program could refer to memory that’s been reclaimed and which may have already been allocated for another purpose

  28. Error prevention when using linked lists • If dynamically allocated memory is no longer needed, use free free to return it to the system § Why must we set that pointer to NULL? o eliminate the possibility that the program could refer to memory that’s been reclaimed and which may have already been allocated for another purpose • Is it an error to free memory not allocated dynamically with malloc ?

  29. Error prevention when using linked lists • If dynamically allocated memory is no longer needed, use free free to return it to the system § Why must we set that pointer to NULL? o eliminate the possibility that the program could refer to memory that’s been reclaimed and which may have already been allocated for another purpose • Is it an error to free memory not allocated dynamically with malloc ? § Referring to memory that has been freed is an error, which results in the program crashing (double free)

  30. Illustrative example about linked lists • We will show an example of linked list that manipulates a list of characters • You can insert a character in the list in alphabetical order (function insert ) or to delete a character from the list (function delete )

  31. Inserting and deleting nodes in a list (Part 1 of 8)

  32. Inserting and deleting nodes in a list (Part 2 of 8)

  33. Inserting and deleting nodes in a list (Part 3 of 8)

  34. reassigned pointers Inserting a node in order in a list

  35. Inserting and deleting nodes in a list (Part 4 of 8)

  36. Inserting and deleting nodes in a list (Part 5 of 8)

  37. tempPtr is used to free tempPtr is a local the memory allocated to automatic variable the node that stores 'C' Deleting a node from a list

  38. Inserting and deleting nodes in a list (Part 6 of 8)

  39. Inserting and deleting nodes in a list (Part 7 of 8)

  40. Inserting and deleting nodes in a list (Part 8 of 8)

  41. Sample output for the program (Part 1 of 2)

  42. Sample output for the program (Part 2 of 2)

  43. Analysis of the linked list OPERATION RUNTIME (Big-O) add to start of list add to end of list add at given index find an object remove first element remove last element remove at given index size

  44. O(1) Analysis of the linked list (insert) – Part 1 of 2

  45. O(n) Analysis of the linked list (insert) – Part 2 of 2 Insert -- runtime: O(1)+O(n)+O(1) = O(n)

  46. O(n) O(1) Analysis of the linked list (insert) – Part 2 of 2 Insert -- runtime: O(1)+O(n)+O(1) = O(n)

  47. O(1) Analysis of the linked list (delete) – Part 1 of 2

  48. O(1) O(1) Analysis of the linked list (delete) – Part 1 of 2

  49. O(1) O(1) O(n) Analysis of the linked list (delete) – Part 1 of 2

  50. O(1) Analysis of the linked list (delete) – Part 2 of 2 Delete -- runtime: O(1)+O(n)+O(1) = O(n)

  51. Analysis of the linked list OPERATION RUNTIME (Big-O) add to start of list O( 1 ) add to end of list O(n) add at given index O( n ) find an object O( n ) remove first element O( 1 ) remove last element O(n) remove at given index O( n ) size O(1)

  52. Intended learning outcomes • Understand risk assessment to guide software developers • Review dynamic data structures (linked list) • Provide rules for secure coding in the C programming language • Develop safe , reliable , and secure systems • Eliminate undefined behaviours that can lead to undefined program behaviours and exploitable vulnerabilities

  53. Do not access freed memory (MEM30-C) • Evaluating a pointer into memory that has been deallocated by a memory management function is undefined behaviour

  54. Do not access freed memory (MEM30-C) • Evaluating a pointer into memory that has been deallocated by a memory management function is undefined behaviour • Pointers to memory that has been deallocated are called dangling pointers § Accessing a dangling pointer can result in exploitable vulnerabilities

  55. Do not access freed memory (MEM30-C) • Evaluating a pointer into memory that has been deallocated by a memory management function is undefined behaviour • Pointers to memory that has been deallocated are called dangling pointers § Accessing a dangling pointer can result in exploitable vulnerabilities • Using the value of a pointer that refers to space deallocated by a call to the free() or realloc() function is undefined behaviour

  56. Noncompliant Code Example • Illustrates the incorrect technique for freeing the memory associated with a linked list # include <stdlib.h> struct node { int value; struct node *next; }; void free_list(struct node *head) { for ( struct node *p = head; p != NULL; p = p->next) { free (p); } }

  57. Compliant Solution • p is freed before p->next is executed, so that p->next reads memory that has already been freed # include <stdlib.h> struct node { int value; struct node *next; }; void free_list(struct node *head) { struct node *q; for ( struct node *p=head; p!=NULL; p=q) { q = p->next; free (p); } }

  58. Risk Assessment • Reading memory that has been freed can lead to § abnormal program termination § denial-of-service attacks

  59. Risk Assessment • Reading memory that has been freed can lead to § abnormal program termination § denial-of-service attacks • Writing memory that has already been freed can lead to the execution of arbitrary code

  60. Risk Assessment • Reading memory that has been freed can lead to § abnormal program termination § denial-of-service attacks • Writing memory that has already been freed can lead to the execution of arbitrary code • Reading a pointer to deallocated memory is undefined behaviour § the pointer value is indeterminate and might be a trap representation

  61. Risk Assessment • Reading memory that has been freed can lead to § abnormal program termination § denial-of-service attacks • Writing memory that has already been freed can lead to the execution of arbitrary code • Reading a pointer to deallocated memory is undefined behaviour § the pointer value is indeterminate and might be a trap representation Rule Severity Likelihood Remediation cost Priority Level MEM30-C High Likely Medium P18 L1

  62. Free dynamically allocated memory when no longer needed (MEM31-C) • Before the lifetime of the last pointer that stores the return value of a call to a standard memory allocation function has ended, it must be matched by a call to free() with that pointer value

  63. Noncompliant Code Example • The object allocated by the call to malloc() is not freed before the end of the lifetime of the last pointer text_buffer referring to the object # include <stdlib.h> enum { BUFFER_SIZE = 32 }; int f(void) { char *text_buffer=(char *) malloc (BUFFER_SIZE); if (text_buffer == NULL) { return -1; } return 0; }

  64. Compliant Solution • The pointer must be deallocated with a call to free() : # include <stdlib.h> enum { BUFFER_SIZE = 32 }; int f(void) { char *text_buffer=(char *) malloc (BUFFER_SIZE); if (text_buffer == NULL) { return -1; } free (text_buffer); return 0; }

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Memory Management Memory Management 5A. Memory Management and Address Spaces 1. allocate/assign

Memory Management Memory Management 5A. Memory Management and Address Spaces 1. allocate/assign

4/14/2018 Memory Management Memory Management 5A. Memory Management and Address Spaces 1. allocate/assign physical memory to processes 5B. Memory Allocation explicit requests: malloc (sbrk) implicit: program loading, stack extension

555 views • 9 slides
Memory Management Memory Management 5A. Memory Management and Address Spaces 1. allocate/assign

Memory Management Memory Management 5A. Memory Management and Address Spaces 1. allocate/assign

4/12/2017 Memory Management Memory Management 5A. Memory Management and Address Spaces 1. allocate/assign physical memory to processes 5B. Simple Memory Allocation explicit requests: malloc (sbrk) implicit: program loading, stack

205 views • 8 slides
Operating Systems ECE344 Ding Yuan Memory Management Next few lectures are going to cover

Operating Systems ECE344 Ding Yuan Memory Management Next few lectures are going to cover

Operating Systems ECE344 Ding Yuan Memory Management Next few lectures are going to cover memory management Goals of memory management To provide a convenient abstraction for programming To allocate scarce memory resources among

682 views • 41 slides
Course Overview Day 1: Fundamentals accelerator architectures, review of shared-memory

Course Overview Day 1: Fundamentals accelerator architectures, review of shared-memory

Course Overview Day 1: Fundamentals accelerator architectures, review of shared-memory programming Day 2: Programming for GPUs thread management, memory management, streaming Day 3: Advanced GPU Programming performance

652 views • 18 slides
ECE 650 Systems Programming &amp; Engineering Spring 2018 Virtual Memory Management Tyler

ECE 650 Systems Programming &amp; Engineering Spring 2018 Virtual Memory Management Tyler

ECE 650 Systems Programming &amp; Engineering Spring 2018 Virtual Memory Management Tyler Bletsch Duke University Slides are adapted from Brian Rogers (Duke) Memory Management 3 issues to consider More than 1 process cant own all

950 views • 30 slides
Lecture 5: Memory Management 1 / 54 Memory Management Administrivia Assignment 1 is due on

Lecture 5: Memory Management 1 / 54 Memory Management Administrivia Assignment 1 is due on

Memory Management Lecture 5: Memory Management 1 / 54 Memory Management Administrivia Assignment 1 is due on September 7th @ 11:59pm 2 / 54 Memory Management Poll https: // www.strawpoll.me / 20863490 3 / 54 Memory Management Recap

952 views • 54 slides
Outline W X (DEP) CSci 4271W Return-oriented programming (ROP) Development of Secure

Outline W X (DEP) CSci 4271W Return-oriented programming (ROP) Development of Secure

Outline W X (DEP) CSci 4271W Return-oriented programming (ROP) Development of Secure Software Systems Day 6: Memory safety defenses and counter-attacks Announcements break Stephen McCamant University of Minnesota, Computer Science &amp;

394 views • 4 slides
28.05.04 09:50 Memory Management The computer memory is a limited resource so the Memory

28.05.04 09:50 Memory Management The computer memory is a limited resource so the Memory

28.05.04 09:50 Memory Management The computer memory is a limited resource so the Memory Management memory use of programs has to be managed in some way. Memory Management The memory management is usually performed by a runtime system

782 views • 13 slides
Efficient Parallel Functional Programming with Hierarchical Memory Management Sam Westrick

Efficient Parallel Functional Programming with Hierarchical Memory Management Sam Westrick

Efficient Parallel Functional Programming with Hierarchical Memory Management Sam Westrick Carnegie Mellon University Joint work with: Ram Raghunathan, Adrien Guatto, Stefan Muller, Rohan Yadav, Umut Acar, Guy Blelloch, Matthew Fluet Setting

892 views • 42 slides
Qi Gao, Wenbin Zhang, Yan Tang, and Feng Qin The Ohio State University 1 Memory Management Bugs

Qi Gao, Wenbin Zhang, Yan Tang, and Feng Qin The Ohio State University 1 Memory Management Bugs

Qi Gao, Wenbin Zhang, Yan Tang, and Feng Qin The Ohio State University 1 Memory Management Bugs are Severe Memory management bugs: Programming errors related to memory management E.g., buffer overflows, dangling pointers, etc.

820 views • 25 slides
Roadmap for Section 3 Classical Memory Management Approaches Segmentation Paging /

Roadmap for Section 3 Classical Memory Management Approaches Segmentation Paging /

3. Memory Management for Embedded Systems Roadmap for Section 3 Classical Memory Management Approaches Segmentation Paging / Paging Virtual Memory Problems of Classical MM-Approaches Memory and Real-Time Programming

576 views • 31 slides
Memory Management Memory Management Memory a linear array of bits, bytes, words, pages ... -

Memory Management Memory Management Memory a linear array of bits, bytes, words, pages ... -

CS510 Operating System Foundations Jonathan Walpole Memory Management Memory Management Memory a linear array of bits, bytes, words, pages ... - Each byte is named by a unique memory address - Holds instructions and data for OS and user

761 views • 56 slides
SecPM: a Secure and Persistent Memory System for Non-volatile Memory Pengfei Zuo, Yu Hua Huazhong

SecPM: a Secure and Persistent Memory System for Non-volatile Memory Pengfei Zuo, Yu Hua Huazhong

SecPM: a Secure and Persistent Memory System for Non-volatile Memory Pengfei Zuo, Yu Hua Huazhong University of Science and Technology, China 10th USENIX Workshop on Hot Topics in Storage and File Systems (HotStorage18) Persistence Issue

577 views • 26 slides
CSE 341: Programming Languages Spring 2006 Lecture 29 Automatic Memory Management What

CSE 341: Programming Languages Spring 2006 Lecture 29 Automatic Memory Management What

CSE 341: Programming Languages Spring 2006 Lecture 29 Automatic Memory Management What Every CS Student Should Know About Garbage Collection CSE 341 Spring 2006, Lecture 29 1 From The Beginning... What is memory management and why do

533 views • 19 slides
CSE 341: Programming Languages Spring 2005 Lecture 29 Automatic Memory Management What

CSE 341: Programming Languages Spring 2005 Lecture 29 Automatic Memory Management What

CSE 341: Programming Languages Spring 2005 Lecture 29 Automatic Memory Management What Every CS Student Should Know About Garbage Collection CSE 341 Spring 2005, Lecture 29 1 From The Beginning... What is memory management and why do

191 views • 17 slides
Kernel level memory management 1. The very base on boot vs memory management 2. Memory Nodes

Kernel level memory management 1. The very base on boot vs memory management 2. Memory Nodes

Advanced Operating Systems MS degree in Computer Engineering University of Rome Tor Vergata Lecturer: Francesco Quaglia Kernel level memory management 1. The very base on boot vs memory management 2. Memory Nodes (UMA vs NUMA) 3. x86

1.18k views • 114 slides
Lecture 4: Elementary Data Structures Steven Skiena Department of Computer Science State

Lecture 4: Elementary Data Structures Steven Skiena Department of Computer Science State

Lecture 4: Elementary Data Structures Steven Skiena Department of Computer Science State University of New York Stony Brook, NY 117944400 http://www.cs.sunysb.edu/ skiena Problem of the Day True or False? 1. 2 n 2 + 1 = O ( n 2 ) 2.

637 views • 25 slides
Dictionaries and Dynamic Sets Abstract Data Type (ADT) Dictionary : Insert ( x , D ): inserts x

Dictionaries and Dynamic Sets Abstract Data Type (ADT) Dictionary : Insert ( x , D ): inserts x

CS 5633 -- Spring 2006 Dictionaries and Dynamic Sets Abstract Data Type (ADT) Dictionary : Insert ( x , D ): inserts x into D D is a Delete ( x , D ): deletes x from D dynamic set Find ( x , D ): finds x in D Augmenting Data Structures Popular

235 views • 7 slides
Dynamically Allocating 2-D Arrays Spring Semester 2011 Programming and Data Structure 1 You may

Dynamically Allocating 2-D Arrays Spring Semester 2011 Programming and Data Structure 1 You may

Dynamically Allocating 2-D Arrays Spring Semester 2011 Programming and Data Structure 1 You may recall . We have discussed earlier the issue of dynamically allocating space for 1-D arrays. Using malloc() library function. Pros

283 views • 26 slides
Week 11 -Wednesday What did we talk about last time? Exam 2 Before that: Review

Week 11 -Wednesday What did we talk about last time? Exam 2 Before that: Review

Week 11 -Wednesday What did we talk about last time? Exam 2 Before that: Review Before that: Networking What if you want to hold a lot of int values, or String values, or Wombat values? You make an array! But

318 views • 20 slides
Compiler Construction Lecture 18: Code Generation V (Implementation of Dynamic Data Structures)

Compiler Construction Lecture 18: Code Generation V (Implementation of Dynamic Data Structures)

Compiler Construction Lecture 18: Code Generation V (Implementation of Dynamic Data Structures) Thomas Noll Lehrstuhl f ur Informatik 2 (Software Modeling and Verification) noll@cs.rwth-aachen.de

945 views • 46 slides
Pr ts

Pr ts

Pr ts t rt t s rst Ptr

621 views • 25 slides
Part 2, course 2: Cache Oblivious Algorithms CR10: Data Aware Algorithms October 2, 2019 Agenda

Part 2, course 2: Cache Oblivious Algorithms CR10: Data Aware Algorithms October 2, 2019 Agenda

Part 2, course 2: Cache Oblivious Algorithms CR10: Data Aware Algorithms October 2, 2019 Agenda Previous course (Sep. 25): Ideal Cache Model and External Memory Algorithms Today: Cache Oblivious Algorithms and Data Structures Next week

554 views • 36 slides
CS 251 Fall 2019 CS 240 Spring 2020 Principles of Programming Languages Foundations of

CS 251 Fall 2019 CS 240 Spring 2020 Principles of Programming Languages Foundations of

CS 251 Fall 2019 CS 240 Spring 2020 Principles of Programming Languages Foundations of Computer Systems Ben Wood Ben Wood Virtual Memory Process Abstraction, Part 2: Private Address Space Motivation : why not direct physical memory access?

556 views • 39 slides

More recommend