Explanation of MProtect Errno 12 (ENOMEM)
I'm writing an iPhone application using Monotouch and recently the app has started crashing stating
Mprotect failed at 0x863a000 (length 8192) with errno 12
followed by a rather lengthy stack trace and Springboard informing that "the application exited abnormally with signal 6".
I've read this question which states that the app has exhausted all the memory available on the iPhone.
We have applied some general Dispose patterns to the app and generally disposed of any heavy objects as soon as we could. This meant the app now runs using less memory. However we are still getting the MProtect failed message.
Also curious to note is that when running the app under instruments, instruments is reporting that there is plenty of free memory available to the device (~40mb).
I was wondering whether anyone would be able to explain MProtect and this failure as I don't think I've quite understood it properly.
Comments (2)
mprotect(2) asks the operating system kernel to change the protection mode for some portion of address space. mprotect(2) is often used to make data sections of an address space non-executable, so that buffer overflows, format string vulnerabilities, use after free or freeing unallocated memory errors, or similar attacks cannot return into attacker-supplied data. Also, mprotect(2) is used to ensure that the program text space cannot be modified by those same vulnerabilities. (If an attacker can simply overwrite the functions you've supplied, that's no good.)
But mprotect(2) isn't magic; it cannot prevent against return to libc attacks, or improper use of system(3) or other code interpreters, etc.
What is the C symbol for the errno value 12 on the iPhone? Where and why does Monotouch use mprotect(2) itself? Any chance your software uses mprotect(2)?
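An added illustration of the mprotect(2) behaviour described in the answer above (not code from this thread or from MonoTouch): a small C program that seals a data page read-only, then shows one documented way mprotect can fail with ENOMEM on Linux, a range that contains an unmapped page. The helper names are invented for the example, Linux semantics are assumed, and it is not a diagnosis of the crash in the question.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Map len bytes of anonymous read/write memory; NULL on failure. */
static void *map_rw(size_t len) {
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Call mprotect; return 0 on success or the errno value on failure. */
int protect_errno(void *addr, size_t len, int prot) {
    return mprotect(addr, len, prot) == 0 ? 0 : errno;
}

/* Case 1: fill a data page, then seal it read-only (never executable). */
int seal_readonly_demo(void) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    char *buf = map_rw(page);
    if (!buf) return errno;
    strcpy(buf, "config loaded");
    int rc = protect_errno(buf, page, PROT_READ);
    munmap(buf, page);
    return rc;
}

/* Case 2: mprotect over a two-page range whose second page is unmapped. */
int unmapped_range_demo(void) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    char *buf = map_rw(2 * page);
    if (!buf) return errno;
    munmap(buf + page, page);               /* punch a hole in the range */
    int rc = protect_errno(buf, 2 * page, PROT_READ);
    munmap(buf, page);                      /* release the remaining page */
    return rc;
}

int main(void) {
    printf("seal read-only: %d\n", seal_readonly_demo());
    int e = unmapped_range_demo();
    printf("unmapped range: %d (%s)\n", e, strerror(e));
    return 0;
}
```

In the second case the call fails with errno 12 even though the process has plenty of free memory, because here ENOMEM describes the address range passed to mprotect rather than the amount of memory available.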
Does your app use Generics?
Beware of having virtual methods on types with Generics, for Monotouch, which has to do lots of hacks while pre-jitting and some more magic with trampolines, it can cause some method hijacking, or memory corruption, in my experience, YMMV.
Make all methods non-virtual on Generic classes for safety.