Practice Problem 2.37 solution page 155
You are given the task of patching the vulnerability in the XDR code shown in the aside on page 100 for the case where both data types int and size_t are 32 bits. You decide to eliminate the possibility of the multiplication overflowing by computing the number of bytes to allocate using data type uint64_t. You replace the original call to malloc (line 9) as follows:

In 2002, it was discovered that code supplied by Sun Microsystems to implement the XDR library, a widely used facility for sharing data structures between programs, had a security vulnerability arising from the fact that multiplication can overflow without any notice being given to the program.
Code similar to that containing the vulnerability is shown below:
The function copy_elements is designed to copy ele_cnt data structures, each consisting of ele_size bytes, into a buffer allocated by the function on line 9. The number of bytes required is computed as ele_cnt * ele_size.
Imagine, however, that a malicious programmer calls this function with ele_cnt being 1,048,577 (2^20 + 1) and ele_size being 4,096 (2^12) with the program compiled for 32 bits. Then the multiplication on line 9 will overflow, causing only 4,096 bytes to be allocated, rather than the 4,294,971,392 bytes required to hold that much data. The loop starting at line 15 will attempt to copy all of those bytes, overrunning the end of the allocated buffer, and therefore corrupting other data structures. This could cause the program to crash or otherwise misbehave.
The Sun code was used by almost every
A similar vulnerability existed in many implementations of the library function calloc. These have since been patched. Unfortunately, many programmers call allocation functions, such as malloc, using arithmetic expressions as arguments, without checking these expressions for overflow. Writing a reliable version of calloc is left as an exercise (Problem 2.76).
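An added example, not the textbook's listing and not the replacement code the problem refers to: it models the 32-bit arithmetic with fixed-width types so the aside's numbers can be reproduced on any host, then shows an overflow-checked form of the copy routine. The function names and the ele_src parameter are assumptions.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Models ele_cnt * ele_size where int and size_t are 32 bits: the product
 * is reduced modulo 2^32 and nothing reports the loss. */
uint32_t naive_size32(int32_t ele_cnt, uint32_t ele_size) {
    return (uint32_t)ele_cnt * ele_size;
}

/* Models forming the product in 64 bits and then passing it to a malloc
 * whose size_t parameter is 32 bits: the conversion drops the high bits. */
uint32_t widened_then_passed32(int32_t ele_cnt, uint32_t ele_size) {
    uint64_t asize = (uint64_t)ele_cnt * ele_size;
    return (uint32_t)asize;
}

/* 32-bit model of the overflow guard: 1 if the byte count fits, else 0. */
int fits32(int32_t ele_cnt, uint32_t ele_size) {
    return ele_cnt >= 0 &&
           (ele_size == 0 || (uint32_t)ele_cnt <= UINT32_MAX / ele_size);
}

/* Hardened copy with the parameters the aside describes (the name and the
 * ele_src parameter are hypothetical): reject a request whose byte count
 * overflows size_t instead of allocating a short buffer. */
void *copy_elements_checked(void *ele_src[], int ele_cnt, size_t ele_size) {
    if (ele_cnt < 0)
        return NULL;
    if (ele_size != 0 && (size_t)ele_cnt > SIZE_MAX / ele_size)
        return NULL;                      /* product would wrap */
    size_t total = (size_t)ele_cnt * ele_size;
    unsigned char *result = malloc(total ? total : 1);
    if (result == NULL)
        return NULL;
    for (int i = 0; i < ele_cnt; i++)
        memcpy(result + (size_t)i * ele_size, ele_src[i], ele_size);
    return result;
}

int main(void) {
    /* Values from the aside: 2^20 + 1 elements of 2^12 bytes each. */
    printf("naive:   %u\n", (unsigned)naive_size32(1048577, 4096));
    printf("widened: %u\n", (unsigned)widened_then_passed32(1048577, 4096));
    printf("fits32:  %d\n", fits32(1048577, 4096));
    return 0;
}
```

The division-based guard runs before the multiplication, so the wrapped product is never computed or passed to malloc.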
Computer Systems: A Programmer's Perspective (3rd Edition)