Pointers Don't Create Memory Bugs, Programmers Do


Monopoly Free Parking for Pointers

After parking your car, you:

a) engage the parking brake
b) engage the parking brake only if you are on a hill
c) what’s a parking brake?

Any answer other than "a" suggests that you, as a programmer, don't park your pointers after you free them.

ZDNet recently published a couple of articles about Chrome and Microsoft, reporting that 70% of all their security bugs were memory safety issues. That weighty number was made heavier coming from companies where resources are abundant and developers are first class citizens. I can only imagine the bug count is higher in companies where budgets are tight and developers are support staff.

The article continued, describing C and C++ as "memory unsafe" languages, and attributing hackers with increasingly sophisticated attacks.  I even found myself reconsidering my Symmetry post, where I insisted memory can be managed if you cared enough:

common mistakes such as memory leaks and buffer overruns . . . are overstated, and can be effectively managed by programmers who aren't necessarily more intelligent, but by those who just care more deeply.

Was I was wrong? That moment of doubt passed when I read a statistic that irked me: of that 70%, more than half (36.1%) was due to "use after free" negligence, meaning pointers that were no longer needed and freed, were accidentally reused. Stray pointers can lead to software crashes, and worse, be exploited by hackers to access memory. A simple first line of defense would be to park your pointer when you're done with it: set it to NULL!

char *ptr = malloc(100);
. . .
free (ptr);
ptr = NULL;    // park it!
. . .
strcpy (ptr, "Goodbye World");

This is an old technique, and apparently, a forgotten one. Subsequent use of a parked pointer will cause your program to abort and report a segmentation fault, giving you the opportunity to fix your code while it's still in development or QA, rather than having a bug wait silently in production.

This won't catch every "use after free" pointer bug, but I'd argue it would catch an overwhelming majority. The exceptions would involve multiple pointers to the same memory, or multiple levels of indirection to that pointer, neither of which you should use with any regularity.

An additional benefit of a NULL pointer is that it guards against a condition known as double-free. Unneeded pointers that are freed twice (or more) can corrupt memory. Compilers can and do check for this, but they can also be fooled. A NULL pointer, however, can be freed multiple times because no action occurs, and while that would still be incorrect coding, there would be no damage to the system.

"It's redundant. It's inefficient!" might be reasons not to park your pointer. To those arguments, I remind you of the 36.1% figure, and refer you to my post The Hidden Cost of Efficiency.

Comments

Popular posts from this blog

MR2 Check Engine

Bookshelf: UNIX A History and a Memoir

Bookshelf Classic: The C Programming Language