内存中的数组有没有理由“走”?而函数堆栈通常会“继续”下去向上?
尽管实际的实现是特定于平台的,但这种想法是潜在危险的缓冲区溢出的原因。例如,
-------------
| arr[0] | \
------------- \
| arr[1] | -> arr[3] is local to a function
------------- /
| arr[2] | /
-------------
| frame ptr |
-------------
| ret val |
-------------
| ret addr |
-------------
| args |
-------------
我的问题是,由于缺乏更好的动词,本地数组是否有原因向下流动?相反,如果数组向上流动,不是会显着减少覆盖返回地址的缓冲区溢出错误的数量吗?
诚然,通过使用线程,我们可以覆盖当前线程调用的函数的返回地址。但我们暂时忽略它。
Though the actual implementation is platform specific, this idea is the cause for potentially dangerous buffer overflows. For example,
-------------
| arr[0] | \
------------- \
| arr[1] | -> arr[3] is local to a function
------------- /
| arr[2] | /
-------------
| frame ptr |
-------------
| ret val |
-------------
| ret addr |
-------------
| args |
-------------
My question is, is there a reason why the local array, for lack of a better verb, flows down? Instead, if the array was to flow up, wouldn't it significantly reduce the number of buffer overflow errors that overwrite the return address?
Granted, by using threads, one could overwrite the return address of a function that the current one has called. But lets ignore it for now.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
堆栈上的数组的工作方式就像堆上的数组一样,即它的索引随着内存地址的增加而增加。
堆栈向下(朝向较低地址)而不是向上增长,这就是数组沿与堆栈相反的方向生长的原因。这有一些历史原因,可能是从代码、堆和堆栈驻留在同一内存区域开始,因此堆和堆栈从内存的两端生长。
The array on the stack works just like an array on the heap, i.e. its index increases as the memory address increases.
The stack grows downwards (towards lower addresses) instead of upwards, which is the reason for the array going in the opposite direction of the stack. There is some historic reason for that, probably from the time when the code, heap and stack resided in the same memory area, so the heap and the stack grew from each end of the memory.
我无法引用此内容的来源,但我相信这是为了让您可以逐步记忆。考虑
while *p++或类似的东西。现在,您可以轻松地说
while *p--但我想如果他们有选择,他们宁愿覆盖别人的数据也不愿覆盖自己的返回值:) 谈论“贪婪算法” '(哈哈)I can't cite a source for this, but I believe it's so you can step through memory. Consider
while *p++or something along those lines.Now, you could just as easily say
while *p--but I guess if they had a choice, they'd rather overwrite someone else's data than their own return value :) Talk about a 'greedy algorithm' (har har)要拥有子数组,通常只需传递一个指向它的指针。任何索引操作都需要知道数组的大小,除非您想让所有内存索引向后 - 但如果您愿意,您只会陷入同样的情况:P。
To have a subarray you usually pass just a pointer to it. Any indexing operation would need to know the size of the array, unless you'd like to make all of memory index backwards -- but if you would, you'd just get yourself in the same situation :P.