When a program starts, all it has (simplified) are the command line arguments, env etc. and some global variables if they exist - the data section or bss section. The brk system call in assembly language (number 45 on x86) returns the LAST usable address. The question is: what is this address? Is it a continuation of the data section or the bss section? What does it point to?
Viewed 113 times
- According to the `brk` man page, it's the space immediately after bss: "the program break is the first location after the end of the uninitialized data segment". – sj95126 Oct 05 '22 at 13:15
- What do you mean by the "*last valid* address returned" by a brk system call? That's not how linux [`brk/sbrk`](https://man7.org/linux/man-pages/man2/brk.2.html) are documented: "*the program break is the first location **after** the end of the uninitialized data segment*". Both `brk()` and `sbrk()` are capable of moving the break location. If you want to know where the break is, use `sbrk(0)`. Usually the initial program break value will be the first location on a new page after the `.bss` section. See also comments [here](https://stackoverflow.com/q/49413851/471129) – Erik Eidt Oct 05 '22 at 15:34
- @ErikEidt I read it in the book called "Programming from the ground up" and in an example there is a commentary: "#under normal conditions, this should #return the new break in %eax, which #will be either 0 if it fails, or #it will be equal to or larger than #we asked for. We don't care #in this program where it actually #sets the break, so as long as %eax #isn't 0, we don't care what it is" so I assumed a new address is returned, because the comment says if %eax is 0 there is an error, but brk() always returns 0, and -1 on errors. Maybe some misunderstanding – Balora Oct 05 '22 at 17:30
- I think there's some confusion about `brk()` vs. `sbrk()`. The former returns 0 for success and -1 for failure, whereas the latter returns an address on success and (void *) -1 (yuk) on failure. – Erik Eidt Oct 05 '22 at 17:59
- Thanks for the explanations. By the way, the question about the initial value of brk is answered, it can be closed – Balora Oct 05 '22 at 18:14
- @ErikEidt: The underlying Linux system-call is different from the POSIX `brk()` and `sbrk()` functions implemented by glibc on top of the `brk` syscall. https://man7.org/linux/man-pages/man2/brk.2.html#NOTES documents the user/kernel differences. Linux `eax = __NR_brk` / `int 0x80` returns the new break on success, the old / current break on failure. (It can never return a `-errno` code like `-ENOMEM`.) – Peter Cordes Oct 06 '22 at 04:44
- Related: a comment on [Why is linux kernel marking heap as mapped, when the program break has never been altered, libc is not linked, and heap should not exist?](https://stackoverflow.com/posts/comments/130594738) points out that the break starts right after the BSS if ASLR is disabled. Otherwise it's some random amount later. – Peter Cordes Oct 06 '22 at 14:38
- [What does the brk() system call do?](https://stackoverflow.com/a/6989422) - where the BRK points. [Where does my allocated memory actually start from when i use brk system call](https://stackoverflow.com/q/32885127) - an example `strace` of glibc using it for malloc. – Peter Cordes Oct 06 '22 at 16:03
- BTW, what you quoted from the book, *which #will be either 0 if it fails, or #it will be equal to or larger than #we asked for* - That's wrong for either `call brk` (the libc wrapper) or for the `int $0x80` system call directly. The raw system call returns the previous break address on failure, somewhere past the end of `.bss`. You use `brk(0)` to query the current break. – Peter Cordes Oct 06 '22 at 16:08