variable initialization
play

Variable Initialization Some languages let you declare variables - PowerPoint PPT Presentation

Oct 15, 2022 •33 likes •203 views

Variable Initialization Some languages let you declare variables without specifying their initial values And let you use them without initializing them E.g., C and C++ Why is that a problem? Lecture 14 Page 1 CS 236 Online

  1. Variable Initialization • Some languages let you declare variables without specifying their initial values • And let you use them without initializing them – E.g., C and C++ • Why is that a problem? Lecture 14 Page 1 CS 236 Online

  2. Variable Initialization • Some languages let you declare variables without specifying their initial values • And let you use them without initializing them – E.g., C and C++ • Why is that a problem? Lecture 14 Page 2 CS 236 Online

  3. A Little Example main() { bar() { foo(); int aa; bar(); int bb; } int cc; foo() printf("aa = %d\n",aa); { printf("bb = %d\n",bb); int a; printf("cc = %d\n",cc); int b; } int c; a = 11; b = 12; c = 13; } Lecture 14 Page 3 CS 236 Online

  4. What’s the Output? lever.cs.ucla.edu[9]./a.out aa = 11 bb = 12 cc = 13 • Perhaps not exactly what you might want Lecture 14 Page 4 CS 236 Online

  5. Why Is This Dangerous? • Values from one function “leak” into another function • If attacker can influence the values in the first function, • Maybe he can alter the behavior of the second one Lecture 14 Page 5 CS 236 Online

  6. Variable Cleanup • Often, programs reuse a buffer or other memory area • If old data lives in this area, might not be properly cleaned up • And then can be treated as something other than what it really was • E.g., bug in Microsoft TCP/IP stack – Old packet data treated as a function pointer Lecture 14 Page 6 CS 236 Online

  7. Use-After-Free Bugs • Increasingly popular security bug type • Related to memory management – Memory structures are dynamically allocated on the heap • Either explicitly or implicitly freed – Depending on language and context • In some cases, pointers can be used to access freed memory – E.g., in C and C++ Lecture 14 Page 7 CS 236 Online

  8. An Example Use-After-Free Bug • In OpenSSL (from 2009) . . . frag->fragment,frag->msg_header.frag_len); } dtls1_hm_fragment_free(frag); dtls1_hm_fragment_free(frag); pitem_free(item); if (al==0) { *ok = 1; return frag->msg_header.frag_len; return frag->msg_header.frag_len } Lecture 14 Page 8 CS 236 Online

  9. What Was the Effect? • Typically, crashing the program • But it would depend • When combined with other vulnerabilities, could be worse • E.g., arbitrary code execution • Often making use of poor error handling code Lecture 14 Page 9 CS 236 Online

  10. Recent Examples of Use-After- Free Bugs • Internet Explorer (2014, several in 2012-2013) • Adobe Reader and Acrobat (2014) • Mozilla, multiple products (2012) • Google Chrome (2012) Lecture 14 Page 10 CS 236 Online

  11. Some Other Problem Areas • Handling of data structures – Indexing error in DAEMON Tools • Arithmetic issues – Integer overflow in Sophos antivirus – Signedness error in XnView • Errors in flow control – Samba error that causes loop to use wrong structure • Off-by-one errors – Denial of service flaw in Clam AV Lecture 14 Page 11 CS 236 Online

  12. Yet More Problem Areas • Null pointer dereferencing – Xarrow SCADA system denial of service • Side effects • Punctuation errors • Typos and cut-and-paste errors – Recent iOS vulnerability based on inadvertent duplication of a goto statement • There are many others Lecture 14 Page 12 CS 236 Online

  13. Why Should You Care? • A lot of this stuff is kind of exotic • Might seem unlikely it can be exploited • Sounds like it would be hard to exploit without source code access • Many examples of these bugs probably unexploitable Lecture 14 Page 13 CS 236 Online

  14. So . . .? • Well, that’s what everyone thinks before they get screwed • “Nobody will find this bug” • “It’s too hard to figure out how to exploit this bug” • “It will get taken care of by someone else” – Code auditors – Testers – Firewalls Lecture 14 Page 14 CS 236 Online

  15. That’s What They Always Say • Before their system gets screwed • Attackers can be very clever – Maybe more clever than you • Attackers can work very hard – Maybe harder than you would • Attackers may not have the goals you predict Lecture 14 Page 15 CS 236 Online

  16. But How to Balance Things? • You only have a certain amount of time to design and build code • Won’t secure coding cut into that time? • Maybe • But less if you develop code coding practices • If you avoid problematic things, you’ll tend to code more securely Lecture 14 Page 16 CS 236 Online

  17. Some Good Coding Practices • Validate input • Be careful with failure conditions and return codes • Avoid dangerous constructs – Like C input functions that don’t specify amount of data • Keep it simple Lecture 14 Page 17 CS 236 Online

Recommend

1 Characters Boolean A char variable stores a single character A boolean value represents

1 Characters Boolean A char variable stores a single character A boolean value represents

CSC 2014 Java Bootcamp Lecture 2 Variables, Expressions, I/O & Control VARIABLES & EXPRESSIONS 2 Variables Variable Initialization A variable is a name for a location in memory A variable can be given an initial value in the

105 views • 10 slides
for Sound Object Initialization Xin Qi and Andrew C. Myers Cornell University Friday, June 3,

for Sound Object Initialization Xin Qi and Andrew C. Myers Cornell University Friday, June 3,

for Sound Object Initialization Xin Qi and Andrew C. Myers Cornell University Friday, June 3, 2011 Fix the initialization problem Current mechanisms for object initialization are unsound This talk: a lightweight type system for sound

365 views • 22 slides
Cluster Center Initialization for Categorical Data Using Multiple Attribute Clustering Shehroz S.

Cluster Center Initialization for Categorical Data Using Multiple Attribute Clustering Shehroz S.

Outline Introduction K-Modes Clustering Cluster Center Initialization Proposed Approach Results Conclusions Cluster Center Initialization for Categorical Data Using Multiple Attribute Clustering Shehroz S. Khan 1 Amir Ahmad 2 1 David R.

598 views • 31 slides
Initializer lists and uniform initialization slides based on talk by Bjarne Stroustrup Jon

Initializer lists and uniform initialization slides based on talk by Bjarne Stroustrup Jon

Initializer lists Uniform initialization Initializer lists and uniform initialization slides based on talk by Bjarne Stroustrup Jon Elverkilde April 25, 2008 Initializer lists Uniform initialization Initializer lists myClass :

487 views • 15 slides
Selection of variables in initialization of Modelica models Masoud Najafi INRIA ( French national

Selection of variables in initialization of Modelica models Masoud Najafi INRIA ( French national

Selection of variables in initialization of Modelica models Masoud Najafi INRIA ( French national research institute on computer and control ) Rocquencourt, France Outline The Modelica language in Scicos Initialization of Modelica models

243 views • 20 slides
Fast and Energy-Efficient In-DRAM Bulk Data Copy and Initialization Vivek Seshadri Y. Kim, C.

Fast and Energy-Efficient In-DRAM Bulk Data Copy and Initialization Vivek Seshadri Y. Kim, C.

Fast and Energy-Efficient In-DRAM Bulk Data Copy and Initialization Vivek Seshadri Y. Kim, C. Fallin, D. Lee, R. Ausavarungnirun, G. Pekhimenko, Y. Luo, O. Mutlu, P. B. Gibbons, M. A. Kozuch, T. C. Mowry Bulk data copy and initialization

702 views • 49 slides
Variables in C++ The variable C++ Variables Kinds of Variables Memory storage

Variables in C++ The variable C++ Variables Kinds of Variables Memory storage

Variables in C++ The variable C++ Variables Kinds of Variables Memory storage Variable qualifiers The variable The variable A variable declaration is a request for space Basic data types in memory int , short,

239 views • 6 slides
Numberjack User Guide May 27, 2013 1 Variables Constructor for the class Variable : Constructor

Numberjack User Guide May 27, 2013 1 Variables Constructor for the class Variable : Constructor

Numberjack User Guide May 27, 2013 1 Variables Constructor for the class Variable : Constructor Object Binary variable Variable() Variable in the domain of { 0, N-1 } Variable(N) Binary variable called x Variable(x) Variable in

418 views • 4 slides
1 Example : Example: Medical researchers have noted that adolescent females are more likely

1 Example : Example: Medical researchers have noted that adolescent females are more likely

Regression analysis is used to investigate whether there is a linear STAT E-150 relationship between two quantitative variables. Statistical Methods The variable we want to predict is the response variable ; the variable we use for this

366 views • 11 slides
CSE 143 Initialization: Review Variables must be initialized before 1st use int sum; Class

CSE 143 Initialization: Review Variables must be initialized before 1st use int sum; Class

CSE 143 Initialization: Review Variables must be initialized before 1st use int sum; Class Constructors for (int i = 0; i < 10; i++) sum = sum + i; //whoops! Simple types can be initialized at declaration [Chapter 3, pp. 127-131]

573 views • 4 slides
Progress Towards a More Efficient Initialization for Discontinuous Galerkin FE Codes Based on

Progress Towards a More Efficient Initialization for Discontinuous Galerkin FE Codes Based on

Progress Towards a More Efficient Initialization for Discontinuous Galerkin FE Codes Based on Interface Elements Andrew Seagraves 18.337 Final Project My Parallel DG Code Computes the solution to non-linear elasticity problems allowing

387 views • 20 slides
Improved Initialization and Prediction of Clouds in Numerical Weather Prediction Tom Aulign

Improved Initialization and Prediction of Clouds in Numerical Weather Prediction Tom Aulign

Sixth Symposium on Data Assimilation. Washington, DC. Oct. 7-11, 2013 Improved Initialization and Prediction of Clouds in Numerical Weather Prediction Tom Aulign National Center for Atmospheric Research Acknowledgments: Gael Descombes,

255 views • 14 slides
Template Rendering DTL Usage Variables {{variable}} Notation: IF Variable Not Valid:

Template Rendering DTL Usage Variables {{variable}} Notation: IF Variable Not Valid:

Template Rendering DTL Usage Variables {{variable}} Notation: IF Variable Not Valid: TEMPLATE_STRING_IF_INVALID Filters Notation: {{variable|filter}} Example: {{ name|lower }} {{bio|truncatewords:30 }} {{value|filesizeformat}} Tags

561 views • 12 slides
Programming in C 1 Pointer Variable A variable that stores a memory address Allows C

Programming in C 1 Pointer Variable A variable that stores a memory address Allows C

Programming in C 1 Pointer Variable A variable that stores a memory address Allows C programs to simulate call-by-reference Allows a programmer to create and manipulate dynamic data structures Must be defined before it can be used

729 views • 28 slides
Lecture 26/Chapter 22 variable of interest is categorical) or mean (if variable of interest is

Lecture 26/Chapter 22 variable of interest is categorical) or mean (if variable of interest is

Two Forms of Inference Confidence interval: Set up a range of plausible values for the unknown population proportion (if Lecture 26/Chapter 22 variable of interest is categorical) or mean (if variable of interest is quantitative). Hypothesis

79 views • 5 slides
Improving Transformer Optimization Through Better Initialization Xiao Shi Huang*, Felipe Perez*,

Improving Transformer Optimization Through Better Initialization Xiao Shi Huang*, Felipe Perez*,

Improving Transformer Optimization Through Better Initialization Xiao Shi Huang*, Felipe Perez*, Jimmy Ba, Maksims Volkovs 1 Transformer in Detail Removing Warmup: T-Fixup Agenda Experimental Results Summary 2

484 views • 23 slides
Variable & Value Ordering Heuristics Heuristics for backtracking algorithms Variable

Variable & Value Ordering Heuristics Heuristics for backtracking algorithms Variable

Variable & Value Ordering Heuristics Heuristics for backtracking algorithms Variable ordering what variable to branch on next Value ordering given a choice of variable, what order to try values Constraint ordering what

622 views • 31 slides
A signal propagation perspective for pruning neural networks at initialization Namhoon Lee 1 ,

A signal propagation perspective for pruning neural networks at initialization Namhoon Lee 1 ,

A signal propagation perspective for pruning neural networks at initialization Namhoon Lee 1 , Thalaiyasingam Ajanthan 2 , Stephen Gould 2 , Philip Torr 1 1 University of Oxford, 2 Australian National University ICLR 2020 Spotlight presentation

242 views • 21 slides
Denotational semantics for lazy initialization of letrec black holes as exceptions rather than

Denotational semantics for lazy initialization of letrec black holes as exceptions rather than

Denotational semantics for lazy initialization of letrec black holes as exceptions rather than divergence Keiko Nakata Institute of Cybernetics at Tallinn University of Technology Abstract We present a denotational semantics for a simply typed

333 views • 6 slides
Variable Benefit Plans in Depth Kelly Coffing, FSA, EA, MAAA September 21, 2019 Agenda The

Variable Benefit Plans in Depth Kelly Coffing, FSA, EA, MAAA September 21, 2019 Agenda The

Variable Benefit Plans in Depth Kelly Coffing, FSA, EA, MAAA September 21, 2019 Agenda The case for variable plans How variable plans work Smoothing variable benefits Regulatory situation How to explore variable plans 2 The

751 views • 51 slides
Improving Neural Language Models with Weight Norm Initialization and Regularization Christian

Improving Neural Language Models with Weight Norm Initialization and Regularization Christian

Improving Neural Language Models with Weight Norm Initialization and Regularization Christian Herold Yingbo Gao Hermann Ney <surname>@i6.informatik.rwth-aachen.de October 31st, 2018 Human Language Technology and Pattern

368 views • 16 slides
K-MEANS++ OPTIMAL INITIALIZATION ALGORITHM An Improved K-means Clustering Method OVERVIEW

K-MEANS++ OPTIMAL INITIALIZATION ALGORITHM An Improved K-means Clustering Method OVERVIEW

K-MEANS++ OPTIMAL INITIALIZATION ALGORITHM An Improved K-means Clustering Method OVERVIEW K-means Clustering Algorithm K-means++ Initialization Algorithm Experiment Datasets Conclusion K-MEANS CLUSTERING ALGORITHM A

313 views • 14 slides
V3 1/3/2015 Programming in C 1 Pointer Variable A variable that stores a memory address

V3 1/3/2015 Programming in C 1 Pointer Variable A variable that stores a memory address

V3 1/3/2015 Programming in C 1 Pointer Variable A variable that stores a memory address Allows C programs to simulate call-by-reference Allows a programmer to create and manipulate dynamic data structures Must be defined before

282 views • 10 slides
Type-based Object Immutability with Flexible Initialization Christian Haack 1 , 2 Erik Poll 1 1

Type-based Object Immutability with Flexible Initialization Christian Haack 1 , 2 Erik Poll 1 1

Type-based Object Immutability with Flexible Initialization Christian Haack 1 , 2 Erik Poll 1 1 Radboud University, Nijmegen, The Netherlands 2 aicas GmbH, Karlsruhe, Germany ECOOP 2009 in Genoa, July 510 http://mobius.inria.fr What is this

990 views • 34 slides

More recommend