Exploit more memory than allocated with malloc(), why?
This article contains information about why are we able to store more data than the allocated space by malloc without giving error and how its related to pages?
Lets get started with some basic terminologies to understand more about it in easy way.
What is PID and its internal structure?
Process ID (PID) is a unique number assigned by kernel to each process but, internally it is just a folder or directory which contains all information/data of a process. In other words, each process has a unique folder/directory assigned to it. Developer can actually look inside this folder.
In Linux, to see or look into these folders, entire RAM is mounted on “/proc” folder and this folder doesn’t exist in hard disk, it is created when OS is booted. PID is divided into lots of parts but, below three parts play an essential role ::
i} Code Section → Contains machine code or binary code and it is necessary because, this code will be executed by CPU.
ii} Stack Memory → It holds all static variables or static functions e.g. x=5, it will be stored in stack memory, to get no. of bytes assigned for a variable. In other words, fixed size memory allocation is stored in stack memory.
iii} Heap Memory → It is used for dynamic memory allocation i.e. runtime. In other words, no. of bytes allocated at runtime by developer is stored in heap memory. Heap memory plays a vital role because now-a-days almost every application keep on asking information at runtime and it all depend on developer.
What is malloc() function?
“malloc()” is a pre-defined function in C library which is used to store data on top of heap memory. Heap memory means dynamic memory allocation i.e. malloc is used to store data at runtime and only way to access heap memory is by using a pointer. Therefore, malloc() returns address of a variable. Default return type of malloc() is void.
- datatype *variable_name = (datatype*)malloc(no._of_elements*sizeof(datatype))
One thing to note is that, when user/developer allocates some memory inside heap memory, its his/her responsibility to free up or clean that allocated memory manually after program is stopped or execution is completed (for stack memory, this happens internally but not for heap memory). To free up the memory, “free” function is used.
What is a Page in memory?
A page is a fixed-length contiguous block of virtual memory, in other words, paging is used to implement virtual memory: Your logical address space is divided into pages, and each page can be mapped to a physical address in RAM, or can be assigned to some location in your backing store. Because the computer has to keep track of how each page is used, we make the pages reasonably large to avoid having an unreasonably large number of pages.
Why I can use more memory than how much I’ve allocated with malloc()?
Above code should throw error but it gets executed perfectly. This happens because, its related to “pages”.
To be more specific, this depends entirely on your operating system and CPU architecture, the operating system allocates “pages” of memory to your program. The operating system is the guardian of pages and will immediately terminate any program that attempts to access a page it has not been assigned.
“malloc”, on other hand, not an operating system function but a C library call. Call to malloc results in a page request from OS then, malloc decides to give you a pointer to a single byte inside that page. When you wrote to the memory(i.e. RAM) from the location you were given, you were just writing in a “page” that the operating system had granted your program, and thus the operating system will not see any wrong doing.
In other words, you are able to write immediately after arr[size], but ::
- Those bytes may belong to other bits of your program, which will cause problems later in the execution.
- Or, they might NOT belong to your program, which will result in an immediate segmentation fault.
The real problems, will begin when you continue to call malloc to assign more memory. It will eventually return pointers to the locations you just wrote over. This is called a "buffer overflow", when you write to memory locations that are legal but, could potentially be overwriting memory another part of the program will also be using.
Now you know how paging is related to “malloc()” and why more memory can be allocated without any error.