C allows conversion between unsigned and signed. The rule is that the underlying bit representation is not changed. Generally, most numbers are signed by default.For example, when declaring a
constant such as 12345 or 0x1A2B, the value is considered signed. Adding character ‘U’ or ‘u’ as a suffix creates an unsigned constant, e.g., 12345U or 0x1A2Bu.
    When printing numeric values with printf, the directives %d, %u, and %x are used to print a number as a signed decimal, an unsigned decimal, and in hexadecimal format, respectively. Note that printf does not make use of any type information, and so it is possible to print a value of type int with directive %u and
a value of type unsigned with directive %d. For example, consider the following code:

int x = -1;
      unsigned u = 2147483648; /* 2 to the 31st */

printf("x = %u = %d\n", x, x);
      printf("u = %u = %d\n", u, u);
When run on a 32-bit machine, it prints the following:
     x = 4294967295 = -1
     u = 2147483648 = -2147483648

buger from:

Suppose, however, that some malicious programmer writes code that calls copy_from_kernel with
a negative value of maxlen. Then the minimum computation on line 16 will compute this value for len,
which will then be passed as the parameter n to memcpy. Note, however, that parameter n is declared as
having data type size_t. This data type is declared (via typedef) in the library file stdio.h. Typically it is defined to be unsigned int on 32-bit machines. Since argument n is unsigned, memcpy will treat it as a very large, positive number and attempt to copy that many bytes from the kernel region to the user’s buffer. Copying that many bytes (at least 231) will not actually work, because the program will encounter invalid addresses in the process, but the program could read regions of the kernel memory for which it is not authorized.

We can see that this problem arises due to the mismatch between data types: in one place the
length parameter is signed; in another place it is unsigned. Such mismatches can be a source of bugs
and, as this example shows, can even lead to security vulnerabilities. Fortunately, there were no reported cases where a programmer had exploited the vulnerability in FreeBSD. They issued a security advisory, “FreeBSD-SA-02:38.signed-error,” advising system administrators on how to apply a patch that would remove the vulnerability. The bug can be fixed by declaring parameter maxlen to copy_from_kernel
to be of type size_t, to be consistent with parameter n of memcpy. We should also declare local variable len and the return value to be of type size_t.

chapter 2: Representing and manipulating information的更多相关文章

  1. 《CSAPP》读书杂记 - Chapter 2. Representing and Manipulating Information

    1. 一段查看地址内容的代码 代码: #include <stdio.h> typedef unsigned char *byte_pointer; void show_bytes(byt ...

  2. Chap 2 Representing and Manipulating Information (CS:APP)

    -------------------------------------------------------------------------------------------------- A ...

  3. MySQL Crash Course #13# Chapter 21. Creating and Manipulating Tables

    之前 manipulate 表里的数据,现在则是 manipulate 表本身. INDEX 创建多列构成的主键 自动增长的规定 查看上一次插入的自增 id 尽量用默认值替代 NULL 外键不可以跨引 ...

  4. 六星经典CSAPP笔记(2)信息的操作和表示

    2.Representing and Manipulating Information 本章从二进制.字长.字节序,一直讲到布尔代数.位运算,最后无符号.有符号整数.浮点数的表示和运算.诚然有些地方的 ...

  5. 【CSAPP笔记】1. 位、字节、整型

    <Computer Systems a Programmer's Perspective>,机械工业出版社.中文译名<深入理解计算机系统>.作者:(美)Randal E.Bry ...

  6. Chapter 6 — Improving ASP.NET Performance

    https://msdn.microsoft.com/en-us/library/ff647787.aspx Retired Content This content is outdated and ...

  7. Professional C# 6 and .NET Core 1.0 - Chapter 42 ASP.NET Web API

    本文内容为转载,重新排版以供学习研究.如有侵权,请联系作者删除. 转载请注明本文出处: -------------------------------------------------------- ...

  8. Modules you should know in Python Libray

    前两天被问到常用的python lib和module有哪些?最常用的那几个,其他的一下子竟然回答不上.想想也是,一般情况下,遇到一个问题,在网上一搜,顺着线索找到可用的例子,然后基本没有怎么深究.结果 ...

  9. Data Types

    原地址: Home / Database / Oracle Database Online Documentation 11g Release 2 (11.2) / Database Administ ...

随机推荐

  1. Css背景

    index.html <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> &l ...

  2. double精度的坑与BigDecimal

    近期经常接触支付相关的功能,在开发及测试过程中,开始金额都使用的是double类型,而近期新进的需求存在支付时打折的情况,也就是会出现如 1.23元的情况,那么这时候问题来了,如果是直接使用1.23进 ...

  3. mongodb授权登录

    mongodb版本为3.2(目前最新),演示的是linux下的mongodb授权认证 第一次登录不启动授权(mongo默认不启动) ./mongod --dbpath=/home/db/data -- ...

  4. (转)Maven实战(一)安装与配置

    1. 简介 Maven是基于项目对象模型(POM),可以通过一小段描述信息来管理项目的构建,报告和文档的软件项目管理工具. 如果你已经有十次输入同样的Ant targets来编译你的代码.jar或者w ...

  5. WP独立文件资源字典

    有时候,开发者想把资源字典定义在单独的XAML文件中,在网上找了找,没找到比较详细的,自己弄了许久. 1. 新建xaml资源字典文件,如在根目录下“ResourceDictionary1.xaml”, ...

  6. EBuild-API常见问题汇总

    问题1:用户访问被防火墙屏蔽检查处理流程 E-Build API(原IBE)是面向航空公司和代理人,以及第三方的航空预订服务产品.用户通过客户端,使用固定IP访问E-Build API服务器,航信网络 ...

  7. Nginx学习之六-nginx核心进程模型

    一.Nginx整体架构 正常执行中的nginx会有多个进程,最基本的有master process(监控进程,也叫做主进程)和woker process(工作进程),还可能有cache相关进程. 一个 ...

  8. ssh远程登录linux live系统

    要想ssh远程登录,须要准备两件事:配置同网段IP和开启SSH服务. 因为live系统没有IP,所以首先须要配置IP. 我的live系统是在虚拟机上启动的,宿主IP为192.168.230.1,liv ...

  9. MVC实现类似QQ的网页聊天功能-ajax(下)

    此篇文章主要是对MVC实现类似QQ的网页聊天功能(上)的部分代码的解释. 首先说一下显示框的滚动条置底的问题: 结构很简单一个大的div(高度一定.overflow:auto)包含着两个小的div第一 ...

  10. iOS集成微信支付各种坑收录

    统一下单的参数要拼接成XML格式,使用AFN请求时要对参数转义,直接传入字典给AFN无法识别(这个接口微信demo中并没有提供示例) AFHTTPRequestOperationManager *ma ...