Re: Buffer Overflow

From: Bjorn Reese (breese@mail1.stofanet.dk)
Date: 04/06/03


Date: Sun, 06 Apr 2003 09:45:30 +0000
From: Bjorn Reese <breese@mail1.stofanet.dk>

Juha Laiho wrote:

> I've been bitten by this - and there is a need to zero the buffer you get
> from malloc(): while the OS memory allocation routines will clear (to
> some value; I think the actual value hasn't been specified) the memory

C99 says that the values will be "indeterminate", so you cannot assume
that all entries in the buffer have the same value.

> areas they're giving to your process, malloc() may also return memory
> that was already used by your process, but free()'d (but still not yet
> returned to the OS). And in this case the contents will not be scrubbed;
> the memory will contain whatever it did contain when your program freed
> the area.

I think Alan's point was that since the allocated buffer will be written
with data obtained from the socket before the data is read from the buffer,
then there is no need to zero the buffer first. This is equivalent to the
following sequence:

  int a = 0; /* Make sure that the value is initialized */
  a = 42; /* Assign the real content to the value */

If there is a possibility that you will access the variable between the
two assignments, then it is a good practice to initialize it to zero (or
some other value). However, if not, then you are just doing superfluous
work (which could turn out to be a performance hog in the case of memset
on large buffers.)
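The "write before read" discipline the reply describes, as an added example that is not part of the original thread: the malloc'd buffer is never memset; instead the receive loop tracks exactly how many bytes were stored, and only that range plus one explicitly written terminator is ever read. The pipe-based input and the function names are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Read up to `want` bytes from fd into buf, looping over short reads.
   Returns the number of bytes actually stored (less than `want` on EOF),
   or -1 on error. Only buf[0..ret) is written by this function. */
ssize_t read_full(int fd, char *buf, size_t want)
{
    size_t got = 0;
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n < 0) return -1;
        if (n == 0) break;          /* EOF: the remaining bytes stay unwritten */
        got += (size_t)n;
    }
    return (ssize_t)got;
}

/* Receive up to cap-1 bytes into a freshly malloc'd buffer and NUL-terminate
   it at the received length. No memset: every byte a caller may later read
   (the data plus the terminator) has been written first. Caller frees. */
char *recv_string(int fd, size_t cap, size_t *out_len)
{
    if (cap == 0) return NULL;
    char *buf = malloc(cap);        /* contents are indeterminate (C99) */
    if (!buf) return NULL;
    ssize_t got = read_full(fd, buf, cap - 1);
    if (got < 0) { free(buf); return NULL; }
    buf[got] = '\0';                /* the one byte past the data we will read */
    if (out_len) *out_len = (size_t)got;
    return buf;
}

/* Constructed input: a pipe carrying a message shorter than the buffer,
   so read_full hits EOF and the tail of the buffer is never touched. */
int demo_pipe(const char *msg, size_t n)
{
    int fds[2];
    if (pipe(fds) != 0) return -1;
    if (write(fds[1], msg, n) != (ssize_t)n) { close(fds[0]); close(fds[1]); return -1; }
    close(fds[1]);
    return fds[0];
}
```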
