*BSD News Article 6413


Newsgroups: comp.unix.sysv386,comp.unix.sys5.r4,comp.unix.solaris,comp.unix.programmer,comp.unix.bsd
From: av@omega.ssw.de (Andreas Vogel)
Subject: method for detecting NULL pointer dereferences (incl. source)
Message-ID: <1992Oct12.170741.13855@omega.ssw.de>
Date: Mon, 12 Oct 1992 17:07:41 GMT
Organization: Omega Softlab
Followup-To: comp.unix.sysv386
Lines: 120


I've found a way to detect null pointer dereferences, which (nearly almost)
indicate a programming bug. I've tried this method currently only
on SVR4 unix, but maybe it will work on some flavors of BSD unix iff
they provide the mmap() system call.

In order to reach as many people as possible who might be interested in
getting or checking this method, I've crossposted this article to some
related newsgroups. I've set the Followup-To: to comp.unix.sysv386.
I hope both are OK.

Have a look at the comments in the program itself too.

--------- CUT HERE --------- CUT HERE --------- CUT HERE --------- CUT HERE --
/*
**
**                                N U L L . C
**
**  One of the most common mistakes in writing software is referencing
**  data through null pointers. Some versions of BSD unix provide a tunable
**  parameter which specifies the behaviour when data accesses through null
**  pointers are done. On neither SVR3 nor SVR4 have I found such
**  an option, and reads through null pointers are allowed.
**
**  On SVR4 unix there exists a way to detect reads through null pointers.
**  Using the mmap() system call, page zero gets mapped with neither
**  read nor write permission, and any further access to any address which
**  resides on the null page is prohibited.
**
**  This makes the detection of null pointer dereferences possible and
**  helps developers in finding bugs in their sources.
**
**  I've actually tried this method only on SVR4 unix. Maybe this method
**  applies to some versions of BSD unix which provide the mmap()
**  system call, too.
**
**  In order to compile this program just say cc null.c and try it out.
**
**  I'm interested in getting any comments.
**
**  Andreas Vogel       Bahnhofstr. 13 / D-7300 Esslingen / Germany
**                      Voice:  +49-711/357613
**                      E-Mail: av@ssw.de
**
**      Module:     demonstration of null page reference prohibition
**      Version:    X1.0
**      Author:     Andreas Vogel (AV) <av@ssw.de>
**      SccsId:     %Z%%M% %I% %G%
**
**  Modification history:
**
**      12-OCT-1992 AV      Version X1.0, first definition
**
*/

#include <stdio.h>
#include <stdlib.h>         /* exit() */
#include <unistd.h>         /* close() */

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

#include <sys/mman.h>
#include <sys/immu.h>       /* NBPP: the page size on SVR4 */

#define NO_ACCESS_THROUGH_NULL_PTR

int
main (void)
{
    caddr_t     pa;
    int         fd;
    long        *addr = (long *) 0;     /* the null pointer under test */

    /*
    **  open /dev/zero which provides an infinite number of zeroed pages
    */
    if ((fd = open ("/dev/zero", O_RDONLY, 0)) == -1)
    {
        perror ("/dev/zero");
        exit (1);
    }

#ifdef NO_ACCESS_THROUGH_NULL_PTR
    /*
    **  map page zero to the first page of /dev/zero and mark the
    **  page PROT_NONE. after this call neither read nor write
    **  access to any address which resides in this page is allowed.
    */
    pa = mmap ((caddr_t) 0, NBPP, PROT_NONE, MAP_FIXED | MAP_SHARED, fd, 0);

    if (pa == (caddr_t) -1)     /* SVR4 mmap() returns (caddr_t) -1 on failure */
    {
        perror ("mmap(NULLPAGE)");
        exit (1);
    }
#endif

    /*
    **  actually test null pointer read access. if NO_ACCESS_THROUGH_NULL_PTR
    **  is defined a SIGSEGV signal should be generated for this instruction,
    **  otherwise some garbage value (in most cases 0) should be printed.
    */
    fprintf (stderr, "*(%p) == 0x%lx\n", (void *) addr, *addr);

    /*
    **  not really necessary at this point, but correct :-))
    */
    close (fd);
    return 0;
}
--------- CUT HERE --------- CUT HERE --------- CUT HERE --------- CUT HERE --

I am very interested in getting some feedback and comments on this method.

Does this method work for BSD unix having the mmap() system call too??

Did I do something wrong or have I overlooked some important aspects??

-- 
Andreas Vogel                   Bahnhofstr. 13 / D-7300 Esslingen / Germany
				Voice:  +49-711/357613
				E-Mail: av@ssw.de
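A portable variant of the same trick, added here as an example and not part of Andreas' post: any page mapped PROT_NONE traps exactly like the null page above, and a SIGSEGV handler installed with sigaction()/siginfo_t records the faulting address and jumps back instead of letting the process die, so a test harness can check the trap. It generalizes the post's null-page case to any guard page because Linux's vm.mmap_min_addr normally refuses unprivileged mappings at address 0; it assumes a POSIX system with MAP_ANONYMOUS and sysconf(_SC_PAGESIZE), and the names probe_read, map_page and fault_addr are my own.

```c
#define _DEFAULT_SOURCE 1
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Added example, not from the original post: any PROT_NONE page traps on
** access just like the post's null page. A SIGSEGV handler records the
** faulting address and jumps back, so the fault is reported, not fatal. */
static sigjmp_buf probe_env;
void *volatile fault_addr;              /* set by the handler on each trap */

static void segv_handler(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)ctx;
    fault_addr = si->si_addr;           /* address the CPU reported */
    siglongjmp(probe_env, 1);
}

/* Read one byte at p under a temporary SIGSEGV handler.
** Returns 1 if the access faulted, 0 if it succeeded. */
int probe_read(const void *p)
{
    struct sigaction sa, old;
    volatile const unsigned char *vp = p;   /* volatile: read must happen */
    int faulted = 1;

    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = segv_handler;
    sa.sa_flags = SA_SIGINFO;
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(probe_env, 1) == 0) {
        (void)*vp;                          /* the access under test */
        faulted = 0;
    }
    sigaction(SIGSEGV, &old, NULL);         /* restore previous handler */
    return faulted;
}

/* Map one page with the given protection (MAP_FAILED on error). With
** PROT_NONE this is the post's trick, but the kernel picks the address:
** Linux's vm.mmap_min_addr normally refuses unprivileged maps at 0. */
void *map_page(int prot)
{
    return mmap(NULL, (size_t)sysconf(_SC_PAGESIZE), prot,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
}
```

probe_read(map_page(PROT_NONE)) returns 1 and leaves the page address in fault_addr, while probe_read(map_page(PROT_READ)) returns 0; the same probe works against the real null page on systems that allow mapping it.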