Re: [OT] Testing PROT_NONE and other protections, and a surprise

From: Kyle Moffett
Date: Thu Jul 01 2004 - 10:03:02 EST


On Jul 01, 2004, at 10:50, Jamie Lokier wrote:
> Kyle Moffett wrote:
>>> The error code is -1, aka. MAP_FAILED.
>> Oops! I guess I was just lucky that part didn't fail :-D On the
>> other hand, it couldn't legally return 0 anyway, could it?
>
> Yes it could -- if you request a mapping at address 0 with MAP_FIXED.
> A few OSes won't do that, but Linux and many others will.

That allows untrapped dereferencing of a NULL pointer. IMHO, that
would be a very unintelligent thing for a program to do, to deny itself
the bug-catching features provided therein, but it's interesting to see
that it is possible.

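#include <sys/types.h>
#include <sys/mman.h>

int main(void) {
    /* Request one writable anonymous page at exactly address 0. */
    void *mem = mmap(0, 4096, PROT_WRITE, MAP_FIXED|MAP_ANON|MAP_SHARED, -1, 0);
    /* Failure is MAP_FAILED (-1); a successful mapping here returns 0. */
    if (mem == MAP_FAILED) return 1;
    /* Store through the pointer, which is NULL. */
    ((long *)mem)[0] = 1;
    return 0;
}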

Cheers,
Kyle Moffett
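
An added example, not part of the original message: a small probe that reports whether the running kernel lets this process map page zero, the behaviour discussed above. It assumes Linux; the helper names try_map_fixed and read_mmap_min_addr are made up for this example, and vm.mmap_min_addr is the Linux sysctl that sets the lowest address a process may map.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper: try to map `len` bytes at exactly `addr`.
 * Returns 0 on success, otherwise the errno from mmap().
 * Success is tested against MAP_FAILED, never against NULL, because
 * a successful MAP_FIXED mapping at address 0 returns 0.
 * MAP_FIXED replaces whatever is mapped at `addr`, so pass only
 * addresses that are unused or that the caller owns. */
int try_map_fixed(void *addr, size_t len)
{
    void *p = mmap(addr, len, PROT_READ | PROT_WRITE,
                   MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return errno;
    munmap(p, len);   /* probe only: drop the mapping again */
    return 0;
}

/* Hypothetical helper: read vm.mmap_min_addr, or -1 if unavailable. */
long read_mmap_min_addr(void)
{
    long v = -1;
    FILE *f = fopen("/proc/sys/vm/mmap_min_addr", "r");
    if (!f)
        return -1;
    if (fscanf(f, "%ld", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

int main(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    int rc = try_map_fixed((void *)0, page);

    printf("vm.mmap_min_addr = %ld\n", read_mmap_min_addr());
    if (rc == 0)
        printf("page zero is mappable: NULL dereferences would not trap\n");
    else
        printf("page zero refused: %s\n", strerror(rc));
    return 0;
}
```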
