Testing pointers for validity C C

Question

Is there any way to determine  programatically  of course  if a given pointer is  valid   Checking for NULL is easy  but what about things like 0x00001234  When trying to dereference this kind of pointer an exception crash occurs   A cross-platform method is preferred  but platform-specific  for Windows and Linux  is also ok   Update for clarification  The problem is not with stale freed uninitialized pointers  instead  I m implementing an API that takes pointers from the caller  like a pointer to a string  a file handle  etc    The caller can send  in purpose or by mistake  an invalid value as the pointer  How do I prevent a crash

User · Answer

There are no provisions in C   to test for the validity of a pointer as a general case  One can obviously assume that NULL  0x00000000  is bad  and various compilers and libraries like to use  special values  here and there to make debugging easier  For example  if I ever see a pointer show up as 0xCECECECE in visual studio I know I did something wrong  but the truth is that since a pointer is just an index into memory it s near impossible to tell just by looking at the pointer if it s the  right  index    There are various tricks that you can do with dynamic cast and RTTI such to ensure that the object pointed to is of the type that you want  but they all require that you are pointing to something valid in the first place    If you want to ensure that you program can detect  invalid  pointers then my advice is this  Set every pointer you declare either to NULL or a valid address immediately upon creation and set it to NULL immediately after freeing the memory that it points to  If you are diligent about this practice  then checking for NULL is all you ever need

User · Answer

Regarding the answer a bit up in this thread      IsBadReadPtr    IsBadWritePtr    IsBadCodePtr    IsBadStringPtr   for Windows    My advice is to stay away from them  someone has already posted this one  http   blogs msdn com oldnewthing archive 2007 06 25 3507294 aspx  Another post on the same topic and by the same author  I think  is this one  http   blogs msdn com oldnewthing archive 2006 09 27 773741 aspx   IsBadXxxPtr should really be called CrashProgramRandomly     If the users of your API sends in bad data  let it crash  If the problem is that the data passed isn t used until later  and that makes it harder to find the cause   add a debug mode where the strings etc  are logged at entry  If they are bad it will be obvious  and probably crash   If it is happening way to often  it might be worth moving your API out of process and let them crash the API process instead of the main process

User · Answer

It is not a very good policy to accept arbitrary pointers as input parameters in a public API  It s better to have  plain data  types like an integer  a string or a struct  I mean a classical struct with plain data inside  of course  officially anything can be a struct    Why  Well because as others say there is no standard way to know whether you ve been given a valid pointer or one that points to junk   But sometimes you don t have the choice - your API must accept a pointer   In these cases  it is the duty of the caller to pass a good pointer  NULL may be accepted as a value  but not a pointer to junk   Can you double-check in any way  Well  what I did in a case like that was to define an invariant for the type the pointer points to  and call it when you get it  in debug mode   At least if the invariant fails  or crashes  you know that you were passed a bad value      API that does not allow NULL void PublicApiFunction1 Person  in person      assert in person    NULL     assert in person- gt Invariant           Actual code          API that allows NULL void PublicApiFunction2 Person  in person      assert in person    NULL    in person- gt Invariant           Actual code  must keep in mind that in person may be NULL

User · Answer

Update for clarification  The problem is not with stale  freed or uninitialized pointers  instead  I m implementing an API that takes pointers from the caller  like a pointer to a string  a file handle  etc    The caller can send  in purpose or by mistake  an invalid value as the pointer  How do I prevent a crash    You can t make that check  There is simply no way you can check whether a pointer is  valid   You have to trust that when people use a function that takes a pointer  those people know what they are doing  If they pass you 0x4211 as a pointer value  then you have to trust it points to address 0x4211  And if they  accidentally  hit an object  then even if you would use some scary operation system function  IsValidPtr or whatever   you would still slip into a bug and not fail fast   Start using null pointers for signaling this kind of thing and tell the user of your library that they should not use pointers if they tend to accidentally pass invalid pointers  seriously

User · Answer

You know  a new driver  at least on Linux  that is capable of this probably wouldn t be that hard to write   On the other hand  it would be folly to build your programs like this  Unless you have some really specific and single use for such a thing  I wouldn t recommend it  If you built a large application loaded with constant pointer validity checks it would likely be horrendously slow

User · Answer

Preventing a crash caused by the caller sending in an invalid pointer is a good way to make silent bugs that are hard to find    Isn t it better for the programmer using your API to get a clear message that his code is bogus by crashing it rather than hiding it

User · Answer

I have seen various libraries use some method to check for unreferenced memory and such  I believe they simply  override  the memory allocation and deallocation methods  malloc free   which has some logic that keeps track of the pointers  I suppose this is overkill for your use case  but it would be one way to do it

User · Answer

It s unbelievable how much misleading information you can read in articles above     And even in microsoft msdn documentation IsBadPtr is claimed to be banned  Oh well - I prefer working application rather than crashing  Even if term working might be working incorrectly  as long as end-user can continue with application    By googling I haven t found any useful example for windows - found a solution for 32-bit apps    http   www codeproject com script Content ViewAssociatedFile aspx rzp  2FKB 2Fsystem 2Fdetect-driver 2F 2FDetectDriverSrc zip amp zep DetectDriverSrc 2FDetectDriver 2Fsrc 2FdrvCppLib 2Frtti cpp amp obid 58895 amp obtid 2 amp ovid 2  but I need also to support 64-bit apps  so this solution did not work for me   But I ve harvested wine s source codes  and managed to cook similar kind of code which would work for 64-bit apps as well - attaching code here    include  lt typeinfo h gt      typedef void   v table ptr         typedef struct  cpp object             v table ptr     vtable       cpp object         ifndef  WIN64 typedef struct  rtti object locator       unsigned int signature      int base class offset      unsigned int flags      const type info  type descriptor        const rtti object hierarchy  type hierarchy    rtti object locator   else  typedef struct       unsigned int signature      int base class offset      unsigned int flags      unsigned int type descriptor      unsigned int type hierarchy      unsigned int object locator    rtti object locator      endif     Get type info from an object  internal       static const rtti object locator  RTTI GetObjectLocator void  inptr             cpp object  cppobj    cpp object   inptr        const rtti object locator  obj locator   0          if   IsBadReadPtr cppobj  sizeof void     amp  amp              IsBadReadPtr cppobj- gt vtable - 1  sizeof void     amp  amp              IsBadReadPtr  void  cppobj- gt vtable -1   sizeof rtti object locator                      obj locator    rtti object locator   cppobj- gt vtable -1                  return obj locator          And following code can detect whether pointer is valid or not  you need probably to add some NULL checking       CTest  t   new CTest          t    CTest   0        t    CTest   0x12345678       const rtti object locator  ptr   RTTI GetObjectLocator t       ifdef  WIN64     char  base   ptr- gt signature    0    char  RtlPcToFileHeader  void  ptr   void    amp base     char  ptr - ptr- gt object locator      const type info  td    const type info   base   ptr- gt type descriptor    else     const type info  td   ptr- gt type descriptor   endif     const char  n  td- gt name      This gets class name from pointer - I think it should be enough for your needs   One thing which I m still afraid is performance of pointer checking - in code snipet above there is already 3-4 API calls being made - might be overkill for time critical applications   It would be good if someone could measure overhead of pointer checking compared for example to C  managed c   calls

User · Answer

On Win32 64 there is a way to do this   Attempt to read the pointer and catch the resulting SEH exeception that will be thrown on failure   If it doesn t throw  then it s a valid pointer   The problem with this method though is that it just returns whether or not you can read data from the pointer   It makes no guarantee about type safety or any number of other invariants   In general this method is good for little else other than to say  yes  I can read that particular place in memory at a time that has now passed      In short  Don t do this     Raymond Chen has a blog post on this subject  http   blogs msdn com oldnewthing archive 2007 06 25 3507294 aspx

User · Answer

There isn t any portable way of doing this  and doing it for specific platforms can be anywhere between hard and impossible  In any case  you should never write code that depends on such a check - don t let the pointers take on invalid values in the first place

User · Answer

I ve got a lot of sympathy with your question  as I m in an almost identical position myself   I appreciate what a lot of the replies are saying  and they are correct - the routine supplying the pointer should be providing a valid pointer   In my case  it is almost inconceivable that they could have corrupted the pointer - but if they had managed  it would be MY software that crashes  and ME that would get the blame  -   My requirement isn t that I continue after a segmentation fault - that would be dangerous - I just want to report what happened to the customer before terminating so that they can fix their code rather than blaming me   This is how I ve found to do it  on Windows   http   www cplusplus com reference clibrary csignal signal    To give a synopsis    include  lt signal h gt   using namespace std   void terminate int param      Function executed if a segmentation fault is encountered during the cast to an instance      cerr  lt  lt    nThe function received a corrupted reference - please check the user-supplied  dll  n     cerr  lt  lt   Terminating program    n     exit 1          void MyFunction         void   previous sigsegv function  int       previous sigsegv function   signal SIGSEGV  terminate         lt -- insert risky stuff here -- gt       signal SIGSEGV  previous sigsegv function       Now this appears to behave as I would hope  it prints the error message  then terminates the program  - but if someone can spot a flaw  please let me know

User · Answer

Here are three easy ways for a C program under Linux to get introspective about the status of the memory in which it is running  and why the question has appropriate sophisticated answers in some contexts    After calling getpagesize   and rounding the pointer to a page boundary  you can call mincore   to find out if a page is valid and if it happens to be part of the process working set  Note that this requires some kernel resources  so you should benchmark it and determine if calling this function is really appropriate in your api  If your api is going to be handling interrupts  or reading from serial ports into memory  it is appropriate to call this to avoid unpredictable behaviors  After calling stat   to determine if there is a  proc self directory available  you can fopen and read through  proc self maps to find information about the region in which a pointer resides  Study the man page for proc  the process information pseudo-file system  Obviously this is relatively expensive  but you might be able to get away with caching the result of the parse into an array you can efficiently lookup using a binary search  Also consider the  proc self smaps  If your api is for high-performance computing then the program will want to know about the  proc self numa which is documented under the man page for numa  the non-uniform memory architecture  The get mempolicy MPOL F ADDR  call is appropriate for high performance computing api work where there are multiple threads of execution and you are managing your work to have affinity for non-uniform memory as it relates to the cpu cores and socket resources  Such an api will of course also tell you if a pointer is valid    Under Microsoft Windows there is the function QueryWorkingSetEx that is documented under the Process Status API  also in the NUMA API   As a corollary to sophisticated NUMA API programming this function will also let you do simple  testing pointers for validity  C C     work  as such it is unlikely to be deprecated for at least 15 years

User · Answer

Firstly  I don t see any point in trying to protect yourself from the caller deliberately trying to cause a crash  They could easily do this by trying to access through an invalid pointer themselves  There are many other ways - they could just overwrite your memory or the stack  If you need to protect against this sort of thing then you need to be running in a separate process using sockets or some other IPC for communication   We write quite a lot of software that allows partners customers users to extend functionality  Inevitably any bug gets reported to us first so it is useful to be able to easily show that the problem is in the plug-in code  Additionally there are security concerns and some users are more trusted than others   We use a number of different methods depending on performance throughput requirements and trustworthyness  From most preferred    separate processes using sockets  often passing data as text   separate processes using shared memory  if large amounts of data to pass   same process separate threads via message queue  if frequent short messages   same process separate threads all passed data allocated from a memory pool  same process via direct procedure call - all passed data allocated from a memory pool     We try never to resort to what you are trying to do when dealing with third party software - especially when we are given the plug-ins library as binary rather than source code   Use of a memory pool is quite easy in most circumstances and needn t be inefficient  If YOU allocate the data in the first place then it is trivial to check the pointers against the values you allocated  You could also store the length allocated and add  magic  values before and after the data to check for valid data type and data overruns

User · Answer

On Unix you should be able to utilize a kernel syscall that does pointer checking and returns EFAULT  such as    include  lt unistd h gt   include  lt stdio h gt   include  lt sys types h gt   include  lt sys stat h gt   include  lt fcntl h gt   include  lt errno h gt   include  lt stdbool h gt   bool isPointerBad  void   p        int fh   open  p  0  0       int e   errno      if   -1    fh  amp  amp  e    EFAULT              printf   bad pointer   p n   p          return true          else if   fh    -1              close  fh             printf   good pointer   p n   p       return false     int main        int good   4     isPointerBad   void   3       isPointerBad   amp good       isPointerBad    tmp blah         return 0      returning   bad pointer  0x3 good pointer  0x7fff375fd49c good pointer  0x400793   There s probably a better syscall to use than open    perhaps access   since there s a chance that this could lead to actual file creation codepath  and a subsequent close requirement

User · Answer

Following does work in Windows  somebody suggested it before     static void copy void   target  const void  source  int size            try                 CopyMemory target  source  size                 except EXCEPTION EXECUTE HANDLER                  doSomething --whatever--               The function has to be static  standalone or static method of some class  To test on read-only  copy data in the local buffer  To test on write without modifying contents  write them over  You can test first last addresses only  If pointer is invalid  control will be passed to  doSomething   and then outside the brackets  Just do not use anything requiring destructors  like CString

User · Answer

There is no way to make that check in C    What should you do if other code passes you an invalid pointer  You should crash  Why  Check out this link  http   blogs msdn com oldnewthing archive 2006 09 27 773741 aspx

User · Answer

This article MEM10-C  Define and use a pointer validation function says it is possible to do a check to some degree  especially under Linux OS

User · Answer

Setting the pointer to NULL before and after using is a good technique  This is easy to do in C   if you manage pointers within a class for example  a string    class SomeClass   public      SomeClass         SomeClass         void SetText  const char  text       char  GetText   const   return MyText        void Clear     private      char   MyText       SomeClass  SomeClass         MyText   NULL      SomeClass   SomeClass         Clear       void SomeClass  Clear         if  MyText          free  MyText        MyText   NULL       void SomeClass  Settext  const char  text        Clear         MyText   malloc  strlen text         if  MyText          strcpy  MyText  text

User · Answer

As others have said  you can t reliably detect an invalid pointer   Consider some of the forms an invalid pointer might take   You could have a null pointer   That s one you could easily check for and do something about   You could have a pointer to somewhere outside of valid memory   What constitutes valid memory varies depending on how the run-time environment of your system sets up the address space   On Unix systems  it is usually a virtual address space starting at 0 and going to some large number of megabytes   On embedded systems  it could be quite small   It might not start at 0  in any case   If your app happens to be running in supervisor mode or the equivalent  then your pointer might reference a real address  which may or may not be backed up with real memory   You could have a pointer to somewhere inside your valid memory  even inside your data segment  bss  stack or heap  but not pointing at a valid object   A variant of this is a pointer that used to point to a valid object  before something bad happened to the object   Bad things in this context include deallocation  memory corruption  or pointer corruption   You could have a flat-out illegal pointer  such as a pointer with illegal alignment for the thing being referenced   The problem gets even worse when you consider segment offset based architectures and other odd pointer implementations   This sort of thing is normally hidden from the developer by good compilers and judicious use of types  but if you want to pierce the veil and try to outsmart the operating system and compiler developers  well  you can  but there is not one generic way to do it that will handle all of the issues you might run into   The best thing you can do is allow the crash and put out some good diagnostic information

User · Answer

you should avoid these methods because they do not work  blogs msdn com oldnewthing archive 2006 09 27 773741 aspx      JaredPar Feb 15  09 at 16 02   If they don t work - next windows update will fix it   If they don t work on concept level - function will be probably removed from windows api completely    MSDN documentation claim that they are banned  and reason for this is probably flaw of further design of application  e g  generally you should not eat invalid pointers silently - if you re in charge of design of whole application of course   and performance time of pointer checking   But you should not claim that they does not work because of some blog  In my test application I ve verified that they do work

User · Answer

On Windows I use this code   void   G pPointer   NULL  const char   G szPointerName   NULL  void CheckPointerIternal         char cTest      char   G pPointer     bool CheckPointerIternalExt         bool bRet   false         try               CheckPointerIternal            bRet   true              except  EXCEPTION EXECUTE HANDLER                   return  bRet    void CheckPointer void   A pPointer  const char   A szPointerName        G pPointer   A pPointer      G szPointerName   A szPointerName      if   CheckPointerIternalExt            throw std  runtime error  Invalid pointer     std  string G szPointerName              Usage   unsigned long   pTest    unsigned long    0x12345  CheckPointer pTest   pTest      throws exception

User · Answer

Indeed  something could be done under specific occasion  for example if you want to check whether a string pointer string is valid  using write fd  buf  szie  syscall can help you do the magic  let fd be a file descriptor of temporary file you create for test  and buf pointing to the string you are tesing  if the pointer is invalid write   would return -1 and errno set to EFAULT which indicating that buf is outside your accessible address space

User · Answer

Technically you can override operator new  and delete  and collect information about all allocated memory  so you can have a method to check if heap memory is valid  but    you still need a way to check if pointer is allocated on stack    you will need to define what is  valid  pointer    a  memory on that address is    allocated    b  memory at that address    is start address of object  e g     address not in the middle of huge    array   c  memory at that address    is start address of object of expected type  Bottom line  approach in question is not C   way  you need to define some rules which ensure that function receives valid pointers

User · Answer

Addendum to the accpeted answer s    Assume that your pointer could hold only three values -- 0  1 and -1 where 1 signifies a valid pointer  -1 an invalid one and 0 another invalid one  What is the probability that your pointer is NULL  all values being equally likely  1 3  Now  take the valid case out  so for every invalid case  you have a 50 50 ratio to catch all errors  Looks good right  Scale this for a 4-byte pointer  There are 2 32 or 4294967294 possible values  Of these  only ONE value is correct  one is NULL  and you are still left with 4294967292 other invalid cases  Recalculate  you have a test for 1 out of  4294967292  1  invalid cases  A probability of 2 xe-10 or 0 for most practical purposes  Such is the futility of the NULL check

User · Answer

IsBadReadPtr    IsBadWritePtr    IsBadCodePtr    IsBadStringPtr   for Windows  These take time proportional to the length of the block  so for sanity check I just check the starting address

User · Answer

these links may be helpful    CrtIsValidPointer Verifies that a specified memory range is valid for reading and writing  debug version only   http   msdn microsoft com en-us library 0w1ekd5e aspx   CrtCheckMemory Confirms the integrity of the memory blocks allocated in the debug heap  debug version only   http   msdn microsoft com en-us library e73x0s4b aspx

User · Answer

In general  it s impossible to do  Here s one particularly nasty case   struct Point2d       int x      int y      struct Point3d       int x      int y      int z      void dump Point3  p        printf    d  d  d  n   p- gt x  p- gt y  p- gt z      Point2d points 2       0  1    2  3     Point3d  p3   reinterpret cast lt Point3d   gt   amp points 0    dump p3     On many platforms  this will print out    0 1 2    You re forcing the runtime system to incorrectly interpret bits of memory  but in this case it s not going to crash  because the bits all make sense  This is part of the design of the language  look at C-style polymorphism with struct inaddr  inaddr in  inaddr in6   so you can t reliably protect against it on any platform

User · Answer

AFAIK there is no way  You should try to avoid this situation by always setting pointers to NULL after freeing memory

[c++] Testing pointers for validity (C/C++)

Examples related to c++

Examples related to c

Examples related to validation

Examples related to pointers

Examples related to null