reading a arbitary memory location making the program crash

Question

I am trying to read the value at random memory location using the following c code

 main()
 {
   int a,*b;
   printf("enter the value of a");
   scanf("%d",&a);
   b=a;
   printf("%d\n%d\n",a,*b);
   getch(); 
  }

But the program is crashing when some negative values or even when zero is entered in place of variable a through scanf. What I am doing wrong? Does the pointers dont have negative values?

Answer 1

The thing is that as you are probably running on a modern, full service operating system and it provides a more complicated abstract machine than the one described in most intro to c programming books.

In particular, there are OS imposed restrictions on access to arbitrary addresses. You don't notice this when you look at addresses associated with standard variables because you do have permission to use the stack and the data segment, and the alloc family of functions takes care of making sure that you have permission to access the parts of the heap that they hand you.

So, what you are doing is accessing memory for which you do not have permission, which results in a failure called a "segmentation fault" on most OS, and that abruptly ends your program.

---

What can you do about it?

Allocate a big block on the heap, by calling char *p = malloc(1000000); and then find the starting and ending addresses with something like printf("start:\t%p\nend\t%p\n",(void*)p,(void*)(p+1000000)); and only entering numbers in that range.

Note that the %p specifier print specifier outputs in hexadecimal, so you probably want to enter address in the same base. The standard library function strtol will be helpful in that regard.

A more sophisticated approach would be to use your OS's API to request access permission for arbitrary address, but for some values the OS is likely to simply refuse.

Answer 2

I see some confusion here over just want a pointer is.

First, you ask the user for a value. This is fine. Then you assign that value as the location of the pointer b. This MAY be fine but likely not.

Think for a moment, what does *(-500) mean? What would *(0) mean?

In general you can never just take user input and use it without first checking it or manipulating it. This is one place where security breaches come from.

If you want to experiment with dereferencing memory, just hard code some values at first. Load the program up in a debugger and see what happens.

int c;
b = 500;
c = *b; // what happens?
b = 0;
c = *b; // what happens?
b = -100;
c = *b; // what happens?

Answer 3

Let me greatly oversimplify for you...

In almost all modern computers, with most operating systems, very little of the memory in the machine is directly addressable by your program. You can't take a pointer, point it at something, and try to read it. It will almost always fail.

There are generally three things that will go wrong:

• The memory doesn't exist where you're pointing. Pointers can hold large range of values, and not all of them mean anything. It's like a house number in a postal address. Technically, you can put anything you want on the envelope. Only some are valid.
• The memory exists, but isn't yours. The vast majority of memory in the computer is "owned" by the operating system and if you touch it, it will terminate your program. This is for your safety.
• The memory you're trying to address is valid, in the right range, but not quite the right type. From the earlier example, you might have a reasonable house number but there's no house at that location. Or the address is really an apartment and just a number won't do.

In an old 8-bit computer from the 1980's with a full 64k of memory, you could just read any location you wanted to and it would be fine. Not so much anymore.

Answer 4

In theory, you have permissions to read from any address within your virtual address space (e.g. 0 to 0xFFFFFFFF on a 32-bit machine). 0 and negative numbers are not a problem - once you assign them to pointers, they are casted to non-negative values.

In practice, it won't work. OS will protect itself (and you) from this - it won't let you read from address that doesn't really belong to you. That is, if you haven't allocated the memory page and haven't write something there, OS won't let you to read from there.

Moreover, you don't really own the whole address space - lower part of it is owned by kernel et al., so OS won't let you access it.

Answer 5

Pointers are exclusively positive from what I have heard. 0 (the NULL pointer) is guaranteed not to point at anything and will cause the program to halt. Further, operatings systems (even hardware if I remember correctly) provide memory protection. This is why programs used to be able to crash each other but this is now much less common. When you program runs, the OS decides what memory it has access to and will throw a segfault if you try to access memory that isn't yours.

Then again, perhaps you just wanted b = &a? This would make b point to the same place as a exists and so, when you *b it would equate to the value stored in a.

Answer 6

As i see you declare b as pointer, hence it is wrong to do a=b. You will get segmentation fault. Pointers only shows to pointers not to values of integers, floats or chars. Alternatively you could do b = &a, which means that b shows to the memory address of a. So you could print then the value stored in the a.