variable initialization
play

Variable Initialization Some languages let you declare variables - PowerPoint PPT Presentation

Oct 15, 2022 •33 likes •203 views

Variable Initialization Some languages let you declare variables without specifying their initial values And let you use them without initializing them E.g., C and C++ Why is that a problem? Lecture 14 Page 1 CS 236 Online

  1. Variable Initialization • Some languages let you declare variables without specifying their initial values • And let you use them without initializing them – E.g., C and C++ • Why is that a problem? Lecture 14 Page 1 CS 236 Online

  2. Variable Initialization • Some languages let you declare variables without specifying their initial values • And let you use them without initializing them – E.g., C and C++ • Why is that a problem? Lecture 14 Page 2 CS 236 Online

  3. A Little Example main() { bar() { foo(); int aa; bar(); int bb; } int cc; foo() printf("aa = %d\n",aa); { printf("bb = %d\n",bb); int a; printf("cc = %d\n",cc); int b; } int c; a = 11; b = 12; c = 13; } Lecture 14 Page 3 CS 236 Online

  4. What’s the Output? lever.cs.ucla.edu[9]./a.out aa = 11 bb = 12 cc = 13 • Perhaps not exactly what you might want Lecture 14 Page 4 CS 236 Online

  5. Why Is This Dangerous? • Values from one function “leak” into another function • If attacker can influence the values in the first function, • Maybe he can alter the behavior of the second one Lecture 14 Page 5 CS 236 Online

  6. Variable Cleanup • Often, programs reuse a buffer or other memory area • If old data lives in this area, might not be properly cleaned up • And then can be treated as something other than what it really was • E.g., bug in Microsoft TCP/IP stack – Old packet data treated as a function pointer Lecture 14 Page 6 CS 236 Online

  7. Use-After-Free Bugs • Increasingly popular security bug type • Related to memory management – Memory structures are dynamically allocated on the heap • Either explicitly or implicitly freed – Depending on language and context • In some cases, pointers can be used to access freed memory – E.g., in C and C++ Lecture 14 Page 7 CS 236 Online

  8. An Example Use-After-Free Bug • In OpenSSL (from 2009) . . . frag->fragment,frag->msg_header.frag_len); } dtls1_hm_fragment_free(frag); dtls1_hm_fragment_free(frag); pitem_free(item); if (al==0) { *ok = 1; return frag->msg_header.frag_len; return frag->msg_header.frag_len } Lecture 14 Page 8 CS 236 Online

  9. What Was the Effect? • Typically, crashing the program • But it would depend • When combined with other vulnerabilities, could be worse • E.g., arbitrary code execution • Often making use of poor error handling code Lecture 14 Page 9 CS 236 Online

  10. Recent Examples of Use-After- Free Bugs • Internet Explorer (2014, several in 2012-2013) • Adobe Reader and Acrobat (2014) • Mozilla, multiple products (2012) • Google Chrome (2012) Lecture 14 Page 10 CS 236 Online

  11. Some Other Problem Areas • Handling of data structures – Indexing error in DAEMON Tools • Arithmetic issues – Integer overflow in Sophos antivirus – Signedness error in XnView • Errors in flow control – Samba error that causes loop to use wrong structure • Off-by-one errors – Denial of service flaw in Clam AV Lecture 14 Page 11 CS 236 Online

  12. Yet More Problem Areas • Null pointer dereferencing – Xarrow SCADA system denial of service • Side effects • Punctuation errors • Typos and cut-and-paste errors – Recent iOS vulnerability based on inadvertent duplication of a goto statement • There are many others Lecture 14 Page 12 CS 236 Online

  13. Why Should You Care? • A lot of this stuff is kind of exotic • Might seem unlikely it can be exploited • Sounds like it would be hard to exploit without source code access • Many examples of these bugs probably unexploitable Lecture 14 Page 13 CS 236 Online

  14. So . . .? • Well, that’s what everyone thinks before they get screwed • “Nobody will find this bug” • “It’s too hard to figure out how to exploit this bug” • “It will get taken care of by someone else” – Code auditors – Testers – Firewalls Lecture 14 Page 14 CS 236 Online

  15. That’s What They Always Say • Before their system gets screwed • Attackers can be very clever – Maybe more clever than you • Attackers can work very hard – Maybe harder than you would • Attackers may not have the goals you predict Lecture 14 Page 15 CS 236 Online

  16. But How to Balance Things? • You only have a certain amount of time to design and build code • Won’t secure coding cut into that time? • Maybe • But less if you develop code coding practices • If you avoid problematic things, you’ll tend to code more securely Lecture 14 Page 16 CS 236 Online

  17. Some Good Coding Practices • Validate input • Be careful with failure conditions and return codes • Avoid dangerous constructs – Like C input functions that don’t specify amount of data • Keep it simple Lecture 14 Page 17 CS 236 Online

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 Characters Boolean A char variable stores a single character A boolean value represents

1 Characters Boolean A char variable stores a single character A boolean value represents

CSC 2014 Java Bootcamp Lecture 2 Variables, Expressions, I/O & Control VARIABLES & EXPRESSIONS 2 Variables Variable Initialization A variable is a name for a location in memory A variable can be given an initial value in the

105 views • 10 slides
for Sound Object Initialization Xin Qi and Andrew C. Myers Cornell University Friday, June 3,

for Sound Object Initialization Xin Qi and Andrew C. Myers Cornell University Friday, June 3,

for Sound Object Initialization Xin Qi and Andrew C. Myers Cornell University Friday, June 3, 2011 Fix the initialization problem Current mechanisms for object initialization are unsound This talk: a lightweight type system for sound

365 views • 22 slides
Cluster Center Initialization for Categorical Data Using Multiple Attribute Clustering Shehroz S.

Cluster Center Initialization for Categorical Data Using Multiple Attribute Clustering Shehroz S.

Outline Introduction K-Modes Clustering Cluster Center Initialization Proposed Approach Results Conclusions Cluster Center Initialization for Categorical Data Using Multiple Attribute Clustering Shehroz S. Khan 1 Amir Ahmad 2 1 David R.

598 views • 31 slides
Initializer lists and uniform initialization slides based on talk by Bjarne Stroustrup Jon

Initializer lists and uniform initialization slides based on talk by Bjarne Stroustrup Jon

Initializer lists Uniform initialization Initializer lists and uniform initialization slides based on talk by Bjarne Stroustrup Jon Elverkilde April 25, 2008 Initializer lists Uniform initialization Initializer lists myClass :

487 views • 15 slides
Selection of variables in initialization of Modelica models Masoud Najafi INRIA ( French national

Selection of variables in initialization of Modelica models Masoud Najafi INRIA ( French national

Selection of variables in initialization of Modelica models Masoud Najafi INRIA ( French national research institute on computer and control ) Rocquencourt, France Outline The Modelica language in Scicos Initialization of Modelica models

243 views • 20 slides
Fast and Energy-Efficient In-DRAM Bulk Data Copy and Initialization Vivek Seshadri Y. Kim, C.

Fast and Energy-Efficient In-DRAM Bulk Data Copy and Initialization Vivek Seshadri Y. Kim, C.

Fast and Energy-Efficient In-DRAM Bulk Data Copy and Initialization Vivek Seshadri Y. Kim, C. Fallin, D. Lee, R. Ausavarungnirun, G. Pekhimenko, Y. Luo, O. Mutlu, P. B. Gibbons, M. A. Kozuch, T. C. Mowry Bulk data copy and initialization

702 views • 49 slides
Variables in C++ The variable C++ Variables Kinds of Variables Memory storage

Variables in C++ The variable C++ Variables Kinds of Variables Memory storage

Variables in C++ The variable C++ Variables Kinds of Variables Memory storage Variable qualifiers The variable The variable A variable declaration is a request for space Basic data types in memory int , short,

239 views • 6 slides
Numberjack User Guide May 27, 2013 1 Variables Constructor for the class Variable : Constructor

Numberjack User Guide May 27, 2013 1 Variables Constructor for the class Variable : Constructor

Numberjack User Guide May 27, 2013 1 Variables Constructor for the class Variable : Constructor Object Binary variable Variable() Variable in the domain of { 0, N-1 } Variable(N) Binary variable called x Variable(x) Variable in

418 views • 4 slides
1 Example : Example: Medical researchers have noted that adolescent females are more likely

1 Example : Example: Medical researchers have noted that adolescent females are more likely

Regression analysis is used to investigate whether there is a linear STAT E-150 relationship between two quantitative variables. Statistical Methods The variable we want to predict is the response variable ; the variable we use for this

366 views • 11 slides
CSE 143 Initialization: Review Variables must be initialized before 1st use int sum; Class

CSE 143 Initialization: Review Variables must be initialized before 1st use int sum; Class

CSE 143 Initialization: Review Variables must be initialized before 1st use int sum; Class Constructors for (int i = 0; i < 10; i++) sum = sum + i; //whoops! Simple types can be initialized at declaration [Chapter 3, pp. 127-131]

573 views • 4 slides
Progress Towards a More Efficient Initialization for Discontinuous Galerkin FE Codes Based on

Progress Towards a More Efficient Initialization for Discontinuous Galerkin FE Codes Based on

Progress Towards a More Efficient Initialization for Discontinuous Galerkin FE Codes Based on Interface Elements Andrew Seagraves 18.337 Final Project My Parallel DG Code Computes the solution to non-linear elasticity problems allowing

387 views • 20 slides
Improved Initialization and Prediction of Clouds in Numerical Weather Prediction Tom Aulign

Improved Initialization and Prediction of Clouds in Numerical Weather Prediction Tom Aulign

Sixth Symposium on Data Assimilation. Washington, DC. Oct. 7-11, 2013 Improved Initialization and Prediction of Clouds in Numerical Weather Prediction Tom Aulign National Center for Atmospheric Research Acknowledgments: Gael Descombes,

255 views • 14 slides
Template Rendering DTL Usage Variables {{variable}} Notation: IF Variable Not Valid:

Template Rendering DTL Usage Variables {{variable}} Notation: IF Variable Not Valid:

Template Rendering DTL Usage Variables {{variable}} Notation: IF Variable Not Valid: TEMPLATE_STRING_IF_INVALID Filters Notation: {{variable|filter}} Example: {{ name|lower }} {{bio|truncatewords:30 }} {{value|filesizeformat}} Tags

561 views • 12 slides
Programming in C 1 Pointer Variable A variable that stores a memory address Allows C

Programming in C 1 Pointer Variable A variable that stores a memory address Allows C

Programming in C 1 Pointer Variable A variable that stores a memory address Allows C programs to simulate call-by-reference Allows a programmer to create and manipulate dynamic data structures Must be defined before it can be used

729 views • 28 slides
Lecture 26/Chapter 22 variable of interest is categorical) or mean (if variable of interest is

Lecture 26/Chapter 22 variable of interest is categorical) or mean (if variable of interest is

Two Forms of Inference Confidence interval: Set up a range of plausible values for the unknown population proportion (if Lecture 26/Chapter 22 variable of interest is categorical) or mean (if variable of interest is quantitative). Hypothesis

79 views • 5 slides
Improving Transformer Optimization Through Better Initialization Xiao Shi Huang*, Felipe Perez*,

Improving Transformer Optimization Through Better Initialization Xiao Shi Huang*, Felipe Perez*,

Improving Transformer Optimization Through Better Initialization Xiao Shi Huang*, Felipe Perez*, Jimmy Ba, Maksims Volkovs 1 Transformer in Detail Removing Warmup: T-Fixup Agenda Experimental Results Summary 2

484 views • 23 slides
First results of T2K - nd280 Front End Electronics performance with GM - APDs Antonin Vacheret

First results of T2K - nd280 Front End Electronics performance with GM - APDs Antonin Vacheret

First results of T2K - nd280 Front End Electronics performance with GM - APDs Antonin Vacheret for the T2K-UK electronics and photosensors groups 1 Outline T2K and the 280m near detectors overview of the Trip - t Front End Board ( TFB )

491 views • 36 slides
People Management People Management Week 13 1 Announcement Announcement Midterm 2

People Management People Management Week 13 1 Announcement Announcement Midterm 2

People Management People Management Week 13 1 Announcement Announcement Midterm 2 Wednesday, April 27 Scope Week 11 Week 13 Short answer questions q People i in Software Development f l People are the most

640 views • 50 slides
the problem People are afraid of ovens, too. They don t like getting burned:

the problem People are afraid of ovens, too. They don t like getting burned:

ejectAoven sketch model review 2.009 Team Blue B October 2, 2008 the problem People are afraid of ovens, too. They don t like getting burned: My emotional wounds continue to heal to this day.

397 views • 11 slides
JProver : Integrating Connection-based Theorem Proving into Interactive Proof Assistants Stephan

JProver : Integrating Connection-based Theorem Proving into Interactive Proof Assistants Stephan

JProver : Integrating Connection-based Theorem Proving into Interactive Proof Assistants Stephan Schmitt 1 , Lori Lorigo 2 , Christoph Kreitz 2 , Aleksey Nogin 2 1 Dept. of Sciences and Engineering 2 Dept. of Computer Science Saint Louis

579 views • 8 slides
3D vision: subjunctives D.A. Forsyth OR: Go to the ant; consider its ways and be wise

3D vision: subjunctives D.A. Forsyth OR: Go to the ant; consider its ways and be wise

3D vision: subjunctives D.A. Forsyth OR: Go to the ant; consider its ways and be wise What does vision do? (traditional) Recognition instances (who is this?) allocate pictures of objects to categories (classification)

418 views • 19 slides
What is Insurance? Insurance is protection against risks. We face many risks in our lives:

What is Insurance? Insurance is protection against risks. We face many risks in our lives:

What is Insurance? Insurance is protection against risks. We face many risks in our lives: Car accident Theft Disability Heart attack Etc. Consumers buy insurance to pay for the costs associated with some of these

188 views • 5 slides
An object oriented model for the representation of temporal data in the Integra framework James

An object oriented model for the representation of temporal data in the Integra framework James

An object oriented model for the representation of temporal data in the Integra framework James Bullock 1 Henrik Frisk 2 1 Music Technology Department at Birmingham Conservatoire Birmingham City University 2 Composition Department at Malm

727 views • 62 slides
Rickard Ewetz Cheng-Kok Koh ECE Department, Purdue University Introduction Clock tree Source

Rickard Ewetz Cheng-Kok Koh ECE Department, Purdue University Introduction Clock tree Source

Rickard Ewetz Cheng-Kok Koh ECE Department, Purdue University Introduction Clock tree Source Sample clock network Slew Buffer Skew Variations Wire Sinks 1 2 3 4 5 6 7 8 Related 41 50 Arrival time : 42 45 Local

443 views • 13 slides

More recommend