Re: IsBadReadPtr for Linux?

John Reiser <jreiser@xxxxxxxxxxxx> writes:

Ok, I want to check if a pointer addresses a readable area of memory.

write(fd, ptr, sizeof(*ptr))

will work on any UNIX-like system, provided fd is a valid
file descriptor that is open for writing. If the value returned is
sizeof(*ptr), then the pointer is valid for reading. If the value
returned is -1, then check 'errno'; if EFAULT, then the pointer is a
bad read pointer. If not EFAULT, then some other error is
preventing a valid analysis of *ptr.

Not quite - if the file descriptor is opened against /dev/null, then
one can pass bad pointers to write(2) and get no error. The same is
true of /dev/zero, /dev/full, all the "trivial" char devices, at least
in the Linux 2.6 kernels I've dealt with; none behaves any differently
for an invalid input address. This result is slightly nonobvious from
the man pages and standards text I've seen, so I for one was surprised.

Last time I needed this, I needed to do it in a signal handler and
without using a temporary file (which arguably shouldn't be necessary
for this). I ended up calling msync on the appropriate page
address. This does reliably return ENOMEM for pages that aren't.
With the async flag, it had no side effects to speak of, since the
process was about to dump core anyway...

Grant Taylor
Embedded Linux Consultant
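
The msync probe described in the last reply, as an added example that is not code from the thread; the function names are hypothetical and Linux is assumed. It also shows a limit of the probe: a PROT_NONE page is mapped, so msync succeeds even though a read from it would fault.

```c
#define _DEFAULT_SOURCE              /* for MAP_ANONYMOUS on glibc */
#include <errno.h>
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper. 1: every page of [ptr, ptr+len) is mapped; 0: some page
 * is not (msync gave ENOMEM); -1: msync failed otherwise, nothing is known. */
int range_is_mapped(const void *ptr, size_t len)
{
    uintptr_t page = (uintptr_t)sysconf(_SC_PAGESIZE);
    uintptr_t start = (uintptr_t)ptr & ~(page - 1);   /* msync wants page alignment */
    uintptr_t end = (uintptr_t)ptr + len;

    if (len == 0 || end < (uintptr_t)ptr)             /* empty or wrapping range */
        return 0;
    if (msync((void *)start, end - start, MS_ASYNC) == 0)
        return 1;
    return errno == ENOMEM ? 0 : -1;
}

/* Constructed test mappings: anonymous, private, never written to. */
static void *map_bytes(size_t n, int prot)
{
    void *p = mmap(NULL, n, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

int probe_stack(void) { int local = 0; return range_is_mapped(&local, sizeof local); }

/* Map two pages, unmap the second: a 2-byte object straddling the boundary
 * must be rejected even though its first byte is on a mapped page. */
int probe_across_hole(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    char *p = map_bytes(2 * page, PROT_READ);
    if (!p) return -1;
    munmap(p + page, page);
    int first = range_is_mapped(p, page);             /* mapped page alone */
    int crossing = range_is_mapped(p + page - 1, 2);  /* runs into the hole */
    munmap(p, page);
    return first == 1 ? crossing : -1;
}

/* PROT_NONE: the page is mapped but unreadable; the probe cannot tell. */
int probe_prot_none(void)
{
    void *p = map_bytes(1, PROT_NONE);
    int r = p ? range_is_mapped(p, 1) : -1;
    if (p) munmap(p, 1);
    return r;
}
```

A result of 1 therefore means "mapped", not "readable", and the answer can be stale if another thread changes the address space after the call.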
