Playing with memory in C++

Question

This is bit of a strange one...I've written a very short bit of code to allocate some memory for an integer, save a value to it and print out the memory address where it is saved:

#include <iostream>

using namespace std;

int main (void) {

    int * b = new int;

    *b = 12345;

    cout << "   -> *b = " << *b << endl;
    cout << "   ->  b = " <<  b << endl;

    return 0;
}

Lets say this returns the following:

-> *b = 123456
->  b = 0x7f9429c04bf0

So far as I know there is no reason why this value is not still chilling in memory as I didn't actively remove it - so, just for fun, I try and run the following:

#include <iostream>

using namespace std;

int main (void) {

    int * b = reinterpret_cast <int*> (0x7f9429c04bf0);

    cout << "   -> *b = " << *b << endl;
    cout << "   ->  b = " <<  b << endl;

    return 0;
}

which throws a segfault - does anyone know why this isn't allowed? I mean...it clearly isn't a good idea and I have no plans to use it in practise but I am curious. Cheers! Jack

Answer 1

Each process has its own virtual memory space separate from other processes. When the process terminates, its memory is reclaimed by the operating system.

The reason it's throwing a segfault is because the OS is unhappy with your program trying to access memory that does not belong to it.

The whole idea behind having protected memory is to isolate processes so that they can't mess with each other's memory and cause nastiness to happen. And even if you could access random memory locations, you wouldn't really find anything interesting there. It's basically the same kind of stuff you get when accessing an uninitialized pointer.

Answer 2

Each Process runs in its own address space, the address ur passing to reinterpret_cast should be accessible in the address space of the current process, which it isn't as the second process has a different address space layout. Also, each iteration of even the first program will give u different addresses, which is the whole point of ASLR(Address Space Layout Randomization), that is, to randomize key parts of the process memory on each new instance. Having static addresses, as used to be the case pre-ASLR, would cause havoc, leading to easy exploitation of vulnerable programs.

Read More about ASLR: http://en.wikipedia.org/wiki/Address_space_layout_randomization Virtual Memory: http://en.wikipedia.org/wiki/Virtual_memory

Answer 3

Most modern C++ platforms work with virtual memory provided by the underlying OS. Virtual memory is not a trivial physical form of storage you seem to believe it is. Virtual memory is just an imaginary conceptual storage that exists only as long as the process runs. It simulates "memory-like" behavior every time you access your process address space.

Your access to 0x7f9429c04bf0 is not access to physical memory address, it is access to the process virtual address space, which will be redirected to some physical location that you cannot predict.

And when your process ends, its virtual memory disappears forever. It was simulated anyway, fake in a sense. When you start another process, it gets its own virtual memory that has no connection to the old one whatsoever. In that new process access to 0x7f9429c04bf0 will lead to some other physical location you cannot predict (or, as in your case, crash, if 0x7f9429c04bf0 is not even valid).

To expect that your value is "still chilling in memory" would be rather naive. In fact, your value has never really been in any "memory" suitable for any kind of "chilling".

Answer 4

Even if you ran both programs at once I would hope you got kicked for that, in stead of getting the right answer. The implication that you think I should be able to access another programs data by guessing addresses is scary, although if you want some history, there used to be a game called "core wars" which involved doing exactly that to try to make each other crash ...

I suppose the real answer is that this has "undefined behaviour" and you should be grateful it didn't just implode.