Presentation is loading. Please wait.

Presentation is loading. Please wait.

Machine-Level Programming V: Unions and Memory layout

Published byMaria Bruce Modified over 6 years ago

Similar presentations

Presentation on theme: "Machine-Level Programming V: Unions and Memory layout"— Presentation transcript:

1 Machine-Level Programming V: Unions and Memory layout
Slides adapted from Bryant and O’Hallaron

2 Today Structs vs. Unions Memory layout

3 C union vs. struct All members in a union start at the same location
union my_union { unsigned char b[4]; int x; } union my_union U; struct my_struct { unsigned char bytes[4]; int x; }; struct my_struct S; b[0] b[1] b[2] b[3] x b[0] b[1] b[2] b[3] x p U.bytes[3] = 1 p+4 p p+4 p+8 All members in a union start at the same location i.e. only one member can contain a value at a given time

4 C union vs. struct union my_union { unsigned char b[4]; int x; }
struct my_struct { unsigned char b[4]; int x; }; struct my_struct S; sz = sizeof(U); //sz?? U.b[3] = 0; U.x = 0x ; U.b[3] = ?? sz = sizeof(S); //sz?? S.b[3] = 0; S.x = 0x ; S.b[3] = ??

5 Using Union to Access Bit Patterns
typedef union { float f; unsigned u; } bit_float_t; 1 0x03f8ccccd 0xf3ebdddc 0x 0x bit_float_t x; x.f = 1.1; //what is the value of x.u?

6 Union Allocation Allocate according to largest element union U1 {
char c; int i[2]; double v; } u; c i[0] i[1] v x+0 x+4 x+8 struct S1 { char c; int i[2]; double v; } s; c 3 bytes i[0] i[1] 4 bytes v x+0 x+4 x+8 x+16 x+24

7 Unions in assembly testl %esi, %esi je .L2 movsbl (%rdi), %eax ret
typedef union { char c; int i[2]; double v; } u_t; int get_member(u_t *u, int first) { if (first) { return U->c; }else{ return U->i[1]; } testl %esi, %esi je .L2 movsbl (%rdi), %eax ret .L2: movl 4(%rdi), %eax

8 Today Unions Memory layout

9 x86-64 Linux Memory Layout Stack Heap Data Text / Shared Libraries
not drawn to scale 00007FFFFFFFFFFF Stack Stack Runtime stack (8MB limit) E. g., local variables Heap Dynamically allocated as needed When call malloc(), calloc(), new() Data Statically allocated data E.g., global vars, static vars, string constants Text / Shared Libraries Executable machine instructions Read-only 8MB Shared Libraries Heap Data Text Hex Address 400000 000000

10 Memory Allocation Example
not drawn to scale Memory Allocation Example Stack char big_array[1L<<24]; /* 16 MB */ char huge_array[1L<<31]; /* 2 GB */ int global = 0; int useless() { return 0; } int main () { void *p1, *p2, *p3, *p4; int local = 0; p1 = malloc(1L << 28); /* 256 MB */ p2 = malloc(1L << 8); /* 256 B */ p3 = malloc(1L << 32); /* 4 GB */ p4 = malloc(1L << 8); /* 256 B */ } Shared Libraries Heap Data Text Where does everything go?

11 x86-64 Example Addresses address range ~247 not drawn to scale 00007F
Stack address range ~247 Heap local 0x00007ffe4d3be87c p1 0x00007f7262a1e010 p3 0x00007f7162a1d010 p4 0x d120 p2 0x d010 big_array 0x huge_array 0x main() 0x c useless() 0x Heap Data Text 000000

12 Segmentation Fault r/w Stack Each memory segment can be readable, executable, writable (or none at all) Segmentation fault occurs when program tries to access illegal memory Read from segment with no permission Write to read-only segments Heap r/w - - Heap r/w Read-only data r/w Data r/x Text

13 Segmentation fault example
char str1[100] = ”hello world1”; int main () { char *str2 = ”hello world2”; printf(”str1 %p str2 %p\n”, str1, str2); str1[0] = ’H’; str2[0] = ’H’ }

14 Not all Bad Memory Access lead to immediate segmentation
Carnegie Mellon typedef struct { int a[2]; double d; } struct_t; double fun(int i) { volatile struct_t s; s.d = 3.14; s.a[i] = ; /* Possibly out of bounds */ return s.d; } fun(0) ➙ 3.14 fun(1) ➙ 3.14 fun(2) ➙ fun(3) ➙ fun(4) ➙ 3.14 fun(6) ➙ Segmentation fault Result is system specific

15 Memory Referencing Bug Example
Carnegie Mellon Memory Referencing Bug Example typedef struct { int a[2]; double d; } struct_t; fun(0) ➙ 3.14 fun(1) ➙ 3.14 fun(2) ➙ fun(3) ➙ fun(4) ➙ 3.14 fun(6) ➙ Segmentation fault Critical State 6 ? 5 4 d7 ... d4 3 d3 ... d0 2 a[1] 1 a[0] Location accessed by fun(i) struct_t

16 Such problems are a BIG deal
Generally called a “buffer overflow” when exceeding the memory size allocated for an array Why a big deal? It’s the #1 technical cause of security vulnerabilities #1 overall cause is social engineering / user ignorance Most common form Unchecked lengths on string inputs Particularly for bounded character arrays on the stack sometimes referred to as stack smashing

Download ppt "Machine-Level Programming V: Unions and Memory layout"

Similar presentations

Smashing the Stack for Fun and Profit

Smashing the Stack for Fun and Profit
Dynamic Memory Allocation I Topics Basic representation and alignment (mainly for static memory allocation, main concepts carry over to dynamic memory.

Dynamic Memory Allocation I Topics Basic representation and alignment (mainly for static memory allocation, main concepts carry over to dynamic memory.
Unions The storage referenced by a union variable can hold data of different types subject to the restriction that at any one time, the storage holds data.

Unions The storage referenced by a union variable can hold data of different types subject to the restriction that at any one time, the storage holds data.
Memory allocation CSE 2451 Matt Boggus. sizeof The sizeof unary operator will return the number of bytes reserved for a variable or data type. Determine:

Memory allocation CSE 2451 Matt Boggus. sizeof The sizeof unary operator will return the number of bytes reserved for a variable or data type. Determine:
Introduction to C Programming in Unix Environment - II Abed Asi Extended System Programming Laboratory (ESPL) CS BGU Fall 2014/2015 Some slides.

Introduction to C Programming in Unix Environment - II Abed Asi Extended System Programming Laboratory (ESPL) CS BGU Fall 2014/2015 Some slides.
Memory Layout C and Data Structures Baojian Hua

Memory Layout C and Data Structures Baojian Hua
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-

Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
Lecture 6: Buffer Overflow CS 436/636/736 Spring 2014 Nitesh Saxena *Adopted from a previous lecture by Aleph One (Smashing the Stack for Fun and Profit)

Lecture 6: Buffer Overflow CS 436/636/736 Spring 2014 Nitesh Saxena *Adopted from a previous lecture by Aleph One (Smashing the Stack for Fun and Profit)
Understand stack Buffer overflow attack and defense Controls against program threats.

Understand stack Buffer overflow attack and defense Controls against program threats.
Carnegie Mellon 1 Saint Louis University Virtual Memory CSCI 224 / ECE 317: Computer Architecture Instructor: Prof. Jason Fritts Slides adapted from Bryant.

Carnegie Mellon 1 Saint Louis University Virtual Memory CSCI 224 / ECE 317: Computer Architecture Instructor: Prof. Jason Fritts Slides adapted from Bryant.
Introduction: Exploiting Linux. Basic Concepts Vulnerability A flaw in a system that allows an attacker to do something the designer did not intend,

Introduction: Exploiting Linux. Basic Concepts Vulnerability A flaw in a system that allows an attacker to do something the designer did not intend,
Pointers and Arrays Beyond Chapter 16. 16-2 Pointers and Arrays What are the real differences? Pointer Holds the address of a variable Can be pointed.

Pointers and Arrays Beyond Chapter Pointers and Arrays What are the real differences? Pointer Holds the address of a variable Can be pointed.
Chapter 0.2 – Pointers and Memory. Type Specifiers  const  may be initialised but not used in any subsequent assignment  common and useful  volatile.

Chapter 0.2 – Pointers and Memory. Type Specifiers  const  may be initialised but not used in any subsequent assignment  common and useful  volatile.
1 Program Layout in memory –Code –Data Global variables –Stack Local variables & function Invocation Frames –Heap Dynamically allocated memory Today’s.

1 Program Layout in memory –Code –Data Global variables –Stack Local variables & function Invocation Frames –Heap Dynamically allocated memory Today’s.
Ithaca College 1 Machine-Level Programming VIII: Advanced Topics: alignment & Unions Comp 21000: Introduction to Computer Systems & Assembly Lang Systems.

Ithaca College 1 Machine-Level Programming VIII: Advanced Topics: alignment & Unions Comp 21000: Introduction to Computer Systems & Assembly Lang Systems.
Machine-Level Programming V: Advanced Topics CS304

Machine-Level Programming V: Advanced Topics CS304
University of Washington Today Happy Monday! HW2 due, how is Lab 3 going? Today we’ll go over:  Address space layout  Input buffers on the stack  Overflowing.

University of Washington Today Happy Monday! HW2 due, how is Lab 3 going? Today we’ll go over:  Address space layout  Input buffers on the stack  Overflowing.
Smashing the Stack Overview The Stack Region Buffer Overflow

Smashing the Stack Overview The Stack Region Buffer Overflow
Lecture 8: Buffer Overflow CS 436/636/736 Spring 2013 Nitesh Saxena *Adopted from a previous lecture by Aleph One (Smashing the Stack for Fun and Profit)

Lecture 8: Buffer Overflow CS 436/636/736 Spring 2013 Nitesh Saxena *Adopted from a previous lecture by Aleph One (Smashing the Stack for Fun and Profit)
Machine-Level Programming V: Miscellaneous Topics

Machine-Level Programming V: Miscellaneous Topics

Similar presentations

Ads by Google