C allows conversion between unsigned and signed. The rule is that the underlying bit representation is not changed. Generally, most numbers are signed by default.For example, when declaring a
constant such as 12345 or 0x1A2B, the value is considered signed. Adding character ‘U’ or ‘u’ as a suffix creates an unsigned constant, e.g., 12345U or 0x1A2Bu.
    When printing numeric values with printf, the directives %d, %u, and %x are used to print a number as a signed decimal, an unsigned decimal, and in hexadecimal format, respectively. Note that printf does not make use of any type information, and so it is possible to print a value of type int with directive %u and
a value of type unsigned with directive %d. For example, consider the following code:

int x = -1;
      unsigned u = 2147483648; /* 2 to the 31st */

printf("x = %u = %d\n", x, x);
      printf("u = %u = %d\n", u, u);
When run on a 32-bit machine, it prints the following:
     x = 4294967295 = -1
     u = 2147483648 = -2147483648

buger from:

Suppose, however, that some malicious programmer writes code that calls copy_from_kernel with
a negative value of maxlen. Then the minimum computation on line 16 will compute this value for len,
which will then be passed as the parameter n to memcpy. Note, however, that parameter n is declared as
having data type size_t. This data type is declared (via typedef) in the library file stdio.h. Typically it is defined to be unsigned int on 32-bit machines. Since argument n is unsigned, memcpy will treat it as a very large, positive number and attempt to copy that many bytes from the kernel region to the user’s buffer. Copying that many bytes (at least 231) will not actually work, because the program will encounter invalid addresses in the process, but the program could read regions of the kernel memory for which it is not authorized.

We can see that this problem arises due to the mismatch between data types: in one place the
length parameter is signed; in another place it is unsigned. Such mismatches can be a source of bugs
and, as this example shows, can even lead to security vulnerabilities. Fortunately, there were no reported cases where a programmer had exploited the vulnerability in FreeBSD. They issued a security advisory, “FreeBSD-SA-02:38.signed-error,” advising system administrators on how to apply a patch that would remove the vulnerability. The bug can be fixed by declaring parameter maxlen to copy_from_kernel
to be of type size_t, to be consistent with parameter n of memcpy. We should also declare local variable len and the return value to be of type size_t.

chapter 2: Representing and manipulating information的更多相关文章

  1. 《CSAPP》读书杂记 - Chapter 2. Representing and Manipulating Information

    1. 一段查看地址内容的代码 代码: #include <stdio.h> typedef unsigned char *byte_pointer; void show_bytes(byt ...

  2. Chap 2 Representing and Manipulating Information (CS:APP)

    -------------------------------------------------------------------------------------------------- A ...

  3. MySQL Crash Course #13# Chapter 21. Creating and Manipulating Tables

    之前 manipulate 表里的数据,现在则是 manipulate 表本身. INDEX 创建多列构成的主键 自动增长的规定 查看上一次插入的自增 id 尽量用默认值替代 NULL 外键不可以跨引 ...

  4. 六星经典CSAPP笔记(2)信息的操作和表示

    2.Representing and Manipulating Information 本章从二进制.字长.字节序,一直讲到布尔代数.位运算,最后无符号.有符号整数.浮点数的表示和运算.诚然有些地方的 ...

  5. 【CSAPP笔记】1. 位、字节、整型

    <Computer Systems a Programmer's Perspective>,机械工业出版社.中文译名<深入理解计算机系统>.作者:(美)Randal E.Bry ...

  6. Chapter 6 — Improving ASP.NET Performance

    https://msdn.microsoft.com/en-us/library/ff647787.aspx Retired Content This content is outdated and ...

  7. Professional C# 6 and .NET Core 1.0 - Chapter 42 ASP.NET Web API

    本文内容为转载,重新排版以供学习研究.如有侵权,请联系作者删除. 转载请注明本文出处: -------------------------------------------------------- ...

  8. Modules you should know in Python Libray

    前两天被问到常用的python lib和module有哪些?最常用的那几个,其他的一下子竟然回答不上.想想也是,一般情况下,遇到一个问题,在网上一搜,顺着线索找到可用的例子,然后基本没有怎么深究.结果 ...

  9. Data Types

    原地址: Home / Database / Oracle Database Online Documentation 11g Release 2 (11.2) / Database Administ ...

随机推荐

  1. BeanFactory调用getbean()对象

    Spring通过资源加载器加载相应的XML文件,使用读取器读取资源加载器中的文件到读取器中,在读取过程中,解析相应的xml文件元素,转化为spring定义的数据结BeanDefinition,把相应的 ...

  2. C语言 对数组名取地址

    作者 : 卿笃军 你有没有想过,对一个一维数组名取地址,然后用这个地址进行加减运算.这会出现什么样的结果呢? 演示样例: int a[5] = {1,2,3,4,5}; int *p = (int * ...

  3. 福昕阅读器drm加密解密总结

    drm是数字版权保护的一种方式,前一段时间在做四川文轩数字图书馆项目的时候用到了相关的知识,感觉这东西对于一些在线阅读和视频播放还是有很大用处的. 对于其工作原理我也很好奇,先摘抄度娘的内容如下,当然 ...

  4. How to get multi-touch working(Linux and Andriod)

    1.在hid-ids.h中加入vid pid           2.在hid-multitouch..c->mt_devices[] 中加入          {                ...

  5. ViutualBox虚拟机里添加磁盘

    1.首先在VirtualBox界面给虚拟机添加一块磁盘 2. 启动系统,查看当前磁盘空间 Last login: Tue Mar 15 22:24:47 2016 from 192.168.1.100 ...

  6. sqlserver中的序列

    序列是由用户定义的绑定到架构的对象.序列依据定义的间隔按升序或降序生成,并可配置为用尽时重新启动(循环).序列不与特定表关联.序列与表之间的关系由应用程序进行控制. 创建序列的语法: CREATE S ...

  7. MVC项目发布IIS访问不了

    首先在配置文件上加红色字体这个配置 用来打印错误信息,再根据错误信息来处理 <system.webServer> <validation validateIntegratedMode ...

  8. 生成getter()、setter()方法去掉变量前缀

    当定义的变量名有前缀但是不想在生成它的getter()和setter方法的时候让前缀出现,比如今天项目的部分代码: public class Crime { private UUID mId; //标 ...

  9. spark-sql

    本文用到的测试数据person.txt lijing 29 guodegang 45 heyunwei 30 yueyunpeng 100 rdd的分区数量,读取hdfs文件,默认是文件个数 rdd生 ...

  10. Emoji表情在网页中显示

    最近遇到一个项目,客户手机上发送的表情要在电脑网页中显示,没有找到简便方法,于是有了以下方案. 由于Emoji表情传到后台是“口”,怎么找出接收数据中的表情是关键,各种搜索后,我用下面的正则表达式匹配 ...