From "Effective C++ 3rd edition by Scott Meyers":
To emphasize that the results of undefined behavior are not predictable and may be very unpleasant, experienced C++ programmers often say that programs with undefined behavior can erase your hard drive.
Under what circumstances can this happen?
For example, can accessing and writing to locations out of array range corrupt memory that doesn't belong to this C++ program or thread?
Can it? Sure. Happened to me, in fact.
I wrote code to delete a temporary directory. That involved creating a recursive delete <temp directory>\*.* command. Due to a bug, the <temp directory> field wasn't always filled in. Our file system code happily executed the recursive delete \*.* command.
My colleagues noticed when the icons on their desktop suddenly disappeared. Took out two machines.
If you take into account that UB is available not only to user-mode code, but also the system programmer. In other words, if you are writing driver-code with UB (or other bugs!) in it, you could end up writing to to a piece of memory that is later written back as the "root of the whole disk-data structure".
I have indeed had a bug in a driver which I worked on, that caused disk corruption, because the driver was using stale pointers (pointer use after free). If you were UNLUCKY, the unused memory happened to be a block owned by the filesystem, so it would write back to the disk some random garbage. Fortunately, it wasn't too difficult to determine what the problem was, and I only needed reformat the disk once on my test-system (when working on drivers, you typically use two computers, one to build the code, and one to test the code on - the test machine typically has a minimal install set, and often gets reformatted and reconfigured relatively often anyway).
I don't think Scott's mention necessarily means this type of situation, but it's entirely possible that if you have wild-enough code, it can cause almost anything to happen. Including finding holes in the security system (cf. all the stack-smashing exploits that have been successful). You probably have to be VERY unlucky to achieve that, but people also win those mega-lotteries from time to time, so if you can achieve something that has one chance in several million once a week or once a month, then a computer that can perform operations many millions of times a second can achieve much less likely things...
From the C++11 Standard (actually from Draft N3337), in section 1.3 Terms and definitions [intro.defs] (emphasis mine):
undefined behavior
behavior for which this International Standard imposes no requirements
[ Note: Undefined behavior may be expected when this International Standard omits any explicit definition of behavior or when a program uses an erroneous construct or erroneous data. Permissible undefined behavior ranges from ignoring the situation completely with unpredictable results, to behaving during translation or program execution in a documented manner characteristic of the environment (with or without the issuance of a diagnostic message), to terminating a translation or execution (with the issuance of a diagnostic message). Many erroneous program constructs do not engender undefined behavior; they are required to be diagnosed. — end note ]
From "no requirements" + "unpredictable results" we can conclude that (in theory) anything could happen.
Now, no "reasonable" compiler would purposely emit code to erase the hard drive for, e.g., a division by 0, but it could happen if you mess with the file system or indeed, as you said, if you corrupt memory (edit: see MSalters' comment on their own answer).
The point here is: always be careful to never ever ever invoke undefined behavior. "Here Be Dragons."
(In practice it can be hard to be sure that your program is well-defined. There's some advice. Know you language well, and keep away from the dusty corners. If a piece of code seems suspect or too complex, try to rewrite it to make it simpler and clearer. Always compile with the highest level of warnings, and don't ignore them. There are also compiler flags like -fcatch-undefined-behavior and tools like lint that can help. And testing of course, but that's a bit late.)
A memory violation can theoretically result in your program executing the wrong code. If you're very unlucky it could be code which deletes stuff on your hard drive. I suspect it's unlikely to go that far though, unless you're handling low-level disk operations yourself.
I think the point of the statement is that you need to take undefined behaviour extremely seriously, and do everything practical to guard against it (i.e. defensive programming). I've seen too many bad programmers naively relying on some undefined behaviour, assuming it will work the same all the time. In practice, it's not predictable, and sometimes the result can be catastrophic.
A simple example would be that you happen to corrupt the block number you're writing to, or the file name you're about to delete.
Yes.
Consider an application that processes external input (for example a component of a web application) and that has a buffer overflow, which is a fairly common type of undefined behavior.
An attacker notices this and deliberately crafts input that erases all the data. (Most attackers actually don't do that: what they want to do is to retrieve your data, or to plant content on your site. But occasionally some do want to erase your files.)
The maximal extent of the damage depends on what security layers the attacker is able to bypass. If the server hasn't been configured securely, or if there are other vulnerabilities that the attacker is able to exploit, then the attacker may be able to gain administrator privileges on the machine or use it as a relay to attack other machines. All this from a single buffer overflow.
The lesson to keep from this is that undefined behavior is not just about things that are likely to happen. Not only can things happen that you wouldn't expect (some compilers are very good at picking up weird optimizations that are only correct when a variable isn't modified twice between sequence points and do something very surprising otherwise), but things can happen that are mathematically extremely unlikely because someone deliberately went out of their way to make them happen.
In Linux, any operation is valid when you are a root user. Even destroying your root filesystem.
rm -rf /
Every code segment(with bugs) are happily executed when you are the root. All UB are assumed to be intended with sudo permissions.
Er, no offense, but several of the other answers are wrong or at any rate misleading, in my experience.
The C++ standard does not constrain undefined behavior. The operating system does however normally constrain it. Reason: the behavior is undefined with respect to C++.
... always be careful to never ever ever invoke undefined behavior.
Nonsense. Experience belies this suggestion. C++ programmers often inadvertently invoke undefined behavior during testing. Sometimes I do it on purpose, just to see what happens.
Now, I realize that someone thinks that I am flaunting foolhardiness here, but really, your laptop is hardly more likely to catch on fire with undefined than defined behavior. Undefined behavior in C++ emits assembly code with defined behavior. Think about that. The assembly behavior remains defined. It's just that the C++ standard no longer understands the mechanics.
There are times you want to provoke undefined behavior just to see what's going on on the stack.
If you are in an environment in which it is possible to write a defined C++ program that catches your laptop on fire, then you will have to be careful in any case; but the main problem in that case is a lack of hardware- and/or kernel-based protection.
In sum, don't let the C++ standard confuse you. It's just informing you what its own limits of competence are.
