20 replies to this topic

[Dynamo_Maestro]

Hi

I hear bad things about pointers all the time, but whats the worst they could do, like say I did some really awful coding that was flooded with uninitialized pointers and loops infinitely changing the values of these pointers. Whats the worst that could happen? Can uninitialised pointers freely point to anything on my comp?

I am just trying to work out how unsafe / dangerous they are and what damage they could do, without testing myself ;) anyway the example may be bad but for the sake of things something like

int* pnumber;
for(;;)
{
pnumber++;
}

PS. I say this from a C# point of view where pointers are non existent, not sure if thats relevant. Oh also I read about Wild pointers but they never really explained what a pointer was capable of.

[SiCrane]

It depends on your platform. On a platform with protected memory like modern PC operating systems the worst it could probably do is provide a security hole that could be exploited. On other platforms it could crash the computer, corrupt the operating system or similar feats.

[swiftcoder]

On a modern desktop OS? Not much outside the realm of your own program.

The OS only gives your program write permission to memory pages that are actually owned by your program, so writing to random addresses will eventually hit a page you don't own, at which point your program will be terminated with a segfault.

However, even just screwing up data in your own program may have far reaching consequences. Consider accidentally modifying a network packet just before you send it to the server, or modifying a buffer right before you write it to a file.

And then there is the issue that pointer errors can be very hard to debug. If your bad pointer happens to fall in data operated on by another part of the program, you may spend hours/days/weeks debugging entirely the wrong portion of your code.

[Washu]

In C++ the behavior is undefined. That quite literally means exactly that "undefined." It can do anything. On most platforms, like a PC, a "bad pointer" value will not hurt you until you try to do something with it (like dereference it). However, certain other systems have specialized memory setups (such as validated registers), and in those cases having a "pointer" that points to invalid memory can assert and cause a (trappable typically) hardware exception that will terminate the process.

On the PC, the results of writing to a bad pointer vary depending on a lot of factors. If you're unlucky such behavior can be used to exploit your code to run arbitrary other code, thus enabling an attacker to gain remote control of your systems. In other cases it will simply crash out of your application when you attempt to write to something you don't have permissions to write to (Examples typically include your code pages, which with DEP on will typically be read/execute but not writeable).

Bad pointers, and buffer overflows, are one of the biggest areas where security exploits are found and used, and... interestingly enough, most of those are STRING related issues. This is why you shouldn't use C-strings and should use std::strings.

[Álvaro]

There worst thing a wild pointer can do is work the way you expect it to. I read somewhere that "undefined behavior" means "it works when you first try it, it passes all of your tests, and it blows up when you show it to your boss or your most important client."

[Antheus]

Under systems with virtual memory it'll most commonly cause page protection fault, which is essentially low level way of saying you're trying to access memory you didn't allocate.

Outside of that, hardware is a fairly complex beast. Let's say that graphics card has mapped some of its functions into memory. Invalid pointer writes to some address which happens to be fan control and sets fan speed to zero and card melts.

Things like this were possible under DOS. Poking various values via interrupts could blow up monitor or destroy a disk drive. I seem to recall there was a virus which did something like that. While there's layers upon layers of protections in most OSes today, in theory it's still possible.

C, C++, assembly and native code in general has no restrictions on what it can do. So if there exists a way to do something bad, then it can be implemented in such languages, deliberately or accidentally.

But there's other very destructive modes. Consider a database which writes to random addresses and then persists that to disk. Dangling pointer doesn't do physical harm, yet destroys vital and possible unrecoverable data. Pointer in this case doesn't even need to be invalid in classic sense, it points to perfectly valid address, just not the intended one. Many such cases are perfectly legitimate as far as language goes, they just produce catastrophic results.

[daviangel]

I say this from a C# point of view where pointers are non existent, not sure if thats relevant. Oh also I read about Wild pointers but they never really explained what a pointer was capable of.

Actually, C# does have pointers. That's what the unsafe keyword is for.
But as has already been pretty much covered by everyone else, modern OS's do a pretty good job of isolating your buggy program in userland so that it doesn't do any damage to important things in kernelland. In older versions of Windows you were able to pretty easy reboot the whole OS using some bad assembly or even exhausting the heap memory calling new in a loop or any number of other stupid things.
Actually, now that I remember that's probably why Andre Lamothe got such a bad rep around here back in the day.Teach Yourself Game Programming in 21 Days was the first game programming book I ever read and my PC would crash and reboot at least once per chapter going through his book. He loved using pointers, pointers to pointers, assembly to access the vidcard, soundcard directly, etc and one wrong move and KABOOM Then again this was before DirectX and Windows NT.

Nowadays, everything is pretty well locked down but there will always be area's that are vulnerable, graphic cards coming to mind since you are now able to run C++ code on them using things like OpenCL and WebCL.
Not long ago there was a lot of talk on the security vulnerabilities in WebCL which should give you an idea of how "undefined behaviour" can take out your computer

p.s. I've been working with some OpenCL code on MacOSX and can't believe how easy it is to render a machine unusable since it's really easy to take over the graphics card so that the OS doesn't even have time to update anything else!

[rip-off]

Remember, the user the process is running as can still access the disk. Malicious exploits aside, your program could still end up corrupting random files if you were very unlucky.

[Dynamo_Maestro]

Actually, C# does have pointers. That's what the unsafe keyword is for.

What I meant was, non existent in terms of need to use, of course theres a use for them in C# (or at least I hope so). Truth be told I am more eager to experiment with pointers in C#, mainly to satisfy my curiosity more than anything

Anyway thanks for the quick replies

[mhagain]

On a modern OS each process will have it's own address space that is walled off from the address space of other processes, so in general terms the scope for damage is somewhat reduced. On a clean system such a program is just going to corrupt memory in it's own address space and go down in flames.

If you're really unlucky you could jump to a random execution point (e.g. by corrupting a return address on the stack) which may in theory do anything - there's going to be a lot of kernel-mode and driver code running as part of your program too. One would assume that this code is quite robust and at least prevents this kind of thing from doing any damage - the safest option is to crash hard as soon as possible here. I've seen this happen when I've screwed-up in Windows apps and Windows has always given me a nice clean and consistent program crash (exception: Windows 9x and other DOS-based versions) without doing anything bad.

If however your program is running with elevated privileges (or if you're logged on as an administrator - which I hope you're not) malware could potentially exploit it and then it's game over - you've sold the shop. Yes, it might not have done anything bad (especially if you're on x64 or have DEP enabled - which I hope you do) but you need to crack open that virus scanner and seriously consider your next steps.

[Telastyn]

Yes, it might not have done anything bad (especially if you're on x64 or have DEP enabled - which I hope you do) but you need to crack open that virus scanner and seriously consider your next steps.

Nope. If you have unknown code executed via exploit you are done. There are a pile of exploits that exist locally on a machine that the unknown code can use as a foothold.

The worst possible thing bad pointer usage can do is provide all information on your machine (and potentially your network) to people with bad intentions. They will then use your machine to exploit other machines, bringing the cops to your door; and then you get to try to explain that some people with bad intentions made your machine do it. Don't drop the soap.

Yeah it's far fetched, but as soon as you allow arbitrary code execution all bets are off.

[mhagain]

Yes, it might not have done anything bad (especially if you're on x64 or have DEP enabled - which I hope you do) but you need to crack open that virus scanner and seriously consider your next steps.

Nope. If you have unknown code executed via exploit you are done. There are a pile of exploits that exist locally on a machine that the unknown code can use as a foothold.

The worst possible thing bad pointer usage can do is provide all information on your machine (and potentially your network) to people with bad intentions. They will then use your machine to exploit other machines, bringing the cops to your door; and then you get to try to explain that some people with bad intentions made your machine do it. Don't drop the soap.

Yeah it's far fetched, but as soon as you allow arbitrary code execution all bets are off.

That's pretty much what I meant by "seriously consider your next steps" - although I did decide to tone it down a little. ;) (In addition to not dropping the soap, watch out for Big Bubba who gets lonely at night).

[Promit]

You guys are forgetting that any process with admin privileges can punch holes in the address space walls and touch other processes. Doing so takes some effort, and doing so by mistake isn't likely in most cases unless you're already doing something crazy. But it's not quite correct to say that you can only damage yourself and disk.

[Nypyren]

At some point, your bad pointer may eventually be the cause of anything and everything the physical hardware is capable of (and anyone you're networked with.)

The worst that could happen? Your program causes the LHC to create an transdimensional rift which annihilates the universe.

Don't cross the std::streams!

[Red Ant]

At some point, your bad pointer may eventually be the cause of anything and everything the physical hardware is capable of (and anyone you're networked with.)

The worst that could happen? Your program causes the LHC to create an transdimensional rift which annihilates the universe.

Don't cross the std::streams!

Hehe, yup. As soon as you get into embedded systems (where the OS might not protect you from your own stupidity in the way it does on a PC), a bad pointer could very well be the difference between a functioning machine and an accident involving human casualties.

[Hodgman]

A bad pointer could write the entire works of Shakespeare.

[Cornstalks]

The worst thing it can do? Allow your program to execute normally, as if there was no bad pointer. Because then you have to worry about all these problems everyone is mentioning, except you have no idea and no hints that there is a serious security threat.

The best thing it can do? Crash your program, hopefully during a nice debugging session. That way you know there is something wrong, and hopefully you care enough to do what it takes to properly fix it.

[Felix Ungman]

In the best of worlds, the worst thing a bad point would do is to cause the compiler to generate an error.

[mhagain]

The worst thing it can do? Allow your program to execute normally, as if there was no bad pointer. Because then you have to worry about all these problems everyone is mentioning, except you have no idea and no hints that there is a serious security threat.

The best thing it can do? Crash your program, hopefully during a nice debugging session. That way you know there is something wrong, and hopefully you care enough to do what it takes to properly fix it.

Winner.

[Ripiz]

When I failed with std::string and char* somehow instead of writing into file I need it rewritten or removed my code files =/