how can I corrupt the data segment of a linux process?_问答_开发者

I am coding in C/C++. What are the possible ways to corrupt a static variable that is stored in the data segment? Is this considered a memory leak?

#include <stdio.h>

int aaa[5]; 
int bbb; 
int main() 
{ 
        int i; 
        bbb=41;
        for 开发者_如何学编程(i = 0; i < 6; ++i) 
                aaa[i] = 42; 
        printf("%d\n", bbb);
        return 0; 
}

the code above prints bbb=42 and not 41. this is a possible cause. another way is to modify static data accessed via multiple threads.

Any other ways?

No, this is not a memory leak. A memory leak is when you allocate on the free store (with malloc/new) and then never free/delete the allocated block.

Note that this is undefined behaviour and is not guaranteed:

int bbb;
int aaa[5];
int main()
{
    int i;
    bbb=41;
    for (i = 0; i < 6; ++i)
            aaa[i] = 42;
    printf("%d\n", bbb);
    return 0;
}
g++ -o test test.cpp && ./test
41

In this particular case bbb is stored after aaa, but you shouldn't be relying on this at all cause it could be somewhere else.

Yes, there is more than one method to destroy the contents of global variables (your variables are not static in the example you posted).

Pointers are a good tool to corrupt memory and write where your program should not. Casting can also add some excitement:

#include <iostream>
using namespace std;

int aaa[5];
int bbb;

int main(void)  // Do *your* main() functions always return a value????
{
  double * ptr_double = 0;
  // Assign the pointer to double to point to the last integer.
  // Treat the last integer in the array as a double.
  aaa[4] = 45;
  cout << "aaa[4] = " << aaa[4] << endl;

  ptr_double = (double *)(&aaa[4]);
  *ptr_double = 3.14159267;
  cout << "aaa[4] = " << aaa[4] << endl;

  return -1;
}

With multiple threads, you can have each thread write to the global variable, then have them read back the value. Placing random delays, before writing, and after writing, can show you in more detail how it works.

Another method is to assign the address of your variable to destination register of an I/O hardware device, like a UART. When the UART receives data, it will place that data in that variable, with no regards to the purpose of the variable.

In general values are corrupted by code writing to a location it should not. The primary cause is buffer overrun: Writing more data than is allocated for the variable. Overruns can also occur from hardware devices such as DMA controllers and USB controllers. Another cause is via pointers: the pointer is pointing to an invalid location.

Variables can become corrupted by Stack Overflows and Heap Overflows. On many architectures these structures expand towards each other. Too many variables on the stack, or function recursions (or calling depth) can make the stack overwrite into the heap. Likewise, allocating too much memory from the heap can make the heap overwrite the stack.

Rather than exploring how to damage variables, I believe you should work on improving code safety: design and write your code so it has no buffer overruns, writes to correct locations and shared variables are protected from simultaneous writes by multiple tasks and threads.

All global variables, static or otherwise are initialized to the value specified in their declaration (or zero if not specified) by the loader prior to the execution of any code in the process. The default values will only be modified by code executed within the process (barring any outside interferrence from a debugger).

If you're seeing a "corrupted" value at the beginning of your program's main() function, it's most likely due to a bad action preformed from within the constructor of a global C++ object. The constructors for all global C++ objects are run prior to the invocation of main().

The easiest way to track down the source of this kind of corruption is probably to run the process under a debugger and set a watchpoint on the address of the global variable. The debugger will break when the data is modified. Odds are you have an array overrun or errant pointer problem. They can be a bitch to track down manually.

This is a typical programming error. You define 5 items of an array of aaa while using 6 aaa's, which means you can only use aaa[0], aaa[1], aaa[2], aaa[3], and aaa[4]. aaa[5] is undefined. This is a bug, a programming error, and nothing else. Period.