Pointers Don't Create Memory Bugs, Programmers Do

-

Monopoly Free Parking for Pointers

After parking your car, you:

a) engage the parking brake
b) engage the parking brake only if you are on a hill
c) what’s a parking brake?

Any answer other than "a" suggests that you, as a programmer, don't park your pointers after you free them.

ZDNet recently published a couple of articles about Chrome and Microsoft, reporting that 70% of all their security bugs were memory safety issues. That weighty number was made heavier coming from companies where resources are abundant and developers are first class citizens. I can only imagine the bug count is higher in companies where budgets are tight and developers are support staff.

The article continued, describing C and C++ as "memory unsafe" languages, and attributing hackers with increasingly sophisticated attacks.  I even found myself reconsidering my Symmetry post, where I insisted memory can be managed if you cared enough:

common mistakes such as memory leaks and buffer overruns . . . are overstated, and can be effectively managed by programmers who aren't necessarily more intelligent, but by those who just care more deeply.

Was I was wrong? That moment of doubt passed when I read a statistic that irked me: of that 70%, more than half (36.1%) was due to "use after free" negligence, meaning pointers that were no longer needed and freed, were accidentally reused. Stray pointers can lead to software crashes, and worse, be exploited by hackers to access memory. A simple first line of defense would be to park your pointer when you're done with it: set it to NULL!

char *ptr = malloc(100);
. . .
free (ptr);
ptr = NULL;    // park it!
. . .
strcpy (ptr, "Goodbye World");

This is an old technique, and apparently, a forgotten one. Subsequent use of a parked pointer will cause your program to abort and report a segmentation fault, giving you the opportunity to fix your code while it's still in development or QA, rather than having a bug wait silently in production.

This won't catch every "use after free" pointer bug, but I'd argue it would catch an overwhelming majority. The exceptions would involve multiple pointers to the same memory, or multiple levels of indirection to that pointer, neither of which you should use with any regularity.

An additional benefit of a NULL pointer is that it guards against a condition known as double-free. Unneeded pointers that are freed twice (or more) can corrupt memory. Compilers can and do check for this, but they can also be fooled. A NULL pointer, however, can be freed multiple times because no action occurs, and while that would still be incorrect coding, there would be no damage to the system.

"It's redundant. It's inefficient!" might be reasons not to park your pointer. To those arguments, I remind you of the 36.1% figure, and refer you to my post The Hidden Cost of Efficiency.

Comments

Post a Comment

Popular posts from this blog

Bookshelf: UNIX A History and a Memoir

-
Image
  A man page will give you, in black and white, specific information about UNIX. Brian Kernighan's new book adds color and depth about UNIX you won't find anywhere else. I'm not a gray beard (yet), but I imagine they would plow through the book knowingly, but at the same time, learn a few things. Those new to UNIX -- recent college grads or those experimenting with Raspberry Pi -- would be better off starting with Chapter 8 which describes more relatable events and the descendants of UNIX, including Minux and Linux. It's when they start to ask questions like "Where does UNIX come from?" and "Why is Gamora grep?" that they should start from the beginning: Bell Labs, 1969. Kernighan opens with a birds-eye-view of Murray Hill New Jersey, zooms in on the buildings, the offices, the significance of Center 1127, and offers a brief look at some of the key players there. As I progressed through the book, the two factors that made UNIX not just possible, bu
Read more

Bookshelf Classic: The C Programming Language

-
Image
My first job had me programming in Microsoft BASIC for the IBM PC (DOS).  BASIC worked well enough, but its limitations were clear.  The language was interpreted and therefore slow.  More importantly, it wasn't a modern structured language, and instead, relied on line numbers and the GOTO statement.  Anyone who has read Dijkstra knew  GOTO was a bad thing . Having learned a structured language in college ( PL/I ), using BASIC felt unnatural.  When a C compiler became available for the PC, I saw a chance to improve and modernize our software.  The problem was selling the idea -- a problem made harder because I wasn't fluent in C. "It would be a staffing problem.  Not many people know C, but we can find a lot of programmers who know BASIC," noted one manager. The argument was strong as my knowledge of C was weak.  But I knew that C, by design, was a small language and thus easy to learn.  "It has about 30 keywords," I proffered to another manager. U
Read more

Connections

-
Image
Opening a drawer in my hotel room in Toronto, I found this.  I worship at the altar of tech, but I imagine the reaction between two priests might go like this: Mormon Priest:  "At least we're wireless!" Catholic Priest: "And from the very beginning too!"
Read more