Use DosAllocMem for Boundary Overflow Protection

From EDM2
Revision as of 23:21, 7 March 2018

By Dave Briccetti

If you write past the end of a malloc'd buffer, you can overwrite the contents of other variables. If you want to isolate a buffer from malloc'd data, use DosAllocMem. Why would you want to do this?

  • You suspect your code might be writing past the end of a buffer and you want to catch it happening in the debugger

What are the disadvantages of DosAllocMem?

  • Minimum 4K allocation size
  • DosAllocMem takes longer than malloc

Sample Program

This program overflows a 1 byte memory buffer until the program crashes (or it gets to the 10,000th byte).

By default it uses malloc, but if you use the d command line parameter, it will use DosAllocMem.

While overflowing the buffer, the program writes progress messages to stderr. Watch when the error gets discovered, both for malloc and for DosAllocMem. You might be surprised to see an old friend -- a familiar power of two in the case of DosAllocMem.

Try it!

#include <iostream.h>
#include <stdlib.h>
#define INCL_DOSMEMMGR
#include <os2.h>

int main (int argc, char ** argv)
{
   // Use DosAllocMem instead of malloc when started with the "d" parameter
   BOOL const fUseDosAllocMem =
      ((argc == 2) && argv[1][0] == 'd');

   PBYTE pab = 0;

   if (fUseDosAllocMem)
       DosAllocMem ((PPVOID) &pab, 1,
           PAG_COMMIT | PAG_READ | PAG_WRITE);
   else
       pab = (PBYTE) malloc (1);

   // Write past the end of the 1-byte buffer, 16 bytes at a time, reporting
   // progress on stderr until the write faults or 10,000 bytes are reached
   for (INT i = 0; i < 10000; i += 16)
   {
       pab [i] = 0;
       cerr << i << " ";
   }
   return 0;
}
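The same isolation on a POSIX system, as an added example that is not part of Dave Briccetti's article: it generalizes the DosAllocMem trick by mapping whole pages with mmap, placing a PROT_NONE guard page right after the buffer, and then running the article's overflow loop as a probe that reports the offset of the first fault instead of crashing. It assumes Linux or another glibc-style POSIX system where a SIGSEGV handler may siglongjmp out; the function names guarded_alloc and first_fault_offset are this example's own.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* The DosAllocMem idea on POSIX: map whole pages, make the page after the data a
   PROT_NONE guard, and right-align the buffer so buf[size] is the first byte that faults. */
unsigned char *guarded_alloc(size_t size)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t data = (size + page - 1) / page * page;          /* round up to whole pages */
    unsigned char *base = mmap(NULL, data + page, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return NULL;
    if (mprotect(base + data, page, PROT_NONE) != 0) {      /* the guard page */
        munmap(base, data + page);
        return NULL;
    }
    return base + data - size;
}

static sigjmp_buf fault_env;
static void on_segv(int sig) { (void)sig; siglongjmp(fault_env, 1); }
/* The article's overflow loop as a probe: write buf[0], buf[1], ... and return the
   first offset that faults, or -1 if none before limit. SIGSEGV becomes a siglongjmp. */
long first_fault_offset(unsigned char *buf, long limit)
{
    struct sigaction sa = {0}, old;
    sa.sa_handler = on_segv;
    sigaction(SIGSEGV, &sa, &old);
    volatile long i = 0;                                    /* volatile: valid after the jump */
    long result = -1;
    if (sigsetjmp(fault_env, 1) == 0)
        for (; i < limit; i++)
            buf[i] = 0;
    else
        result = i;
    sigaction(SIGSEGV, &old, NULL);
    return result;
}

int main(void)
{
    unsigned char *pab = guarded_alloc(1);                  /* the article's 1-byte buffer */
    printf("first fault at offset %ld\n", first_fault_offset(pab, 10000));
    return 0;
}
```

With malloc the same loop typically runs far past the buffer before anything notices; with the guard page the fault lands on the very first out-of-bounds byte, which is what makes the bug visible in a debugger.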