Thread: Check for read-only ptr vs buffer passed to func

Hello,
As you probably know, we can pass either a char * pointing to read-only memory OR an address of a BUFFER which points to modifiable memory into a function whose signature is like this:

Code:

void my_function(char* str1, char str2[]);

For example, we could do this:

Code:

char* name = "Jimmy";
char name2[] = "Zero";

Of course we cannot do name[3] = 'A' because we're pointing to read-only memory, but we can do name2[3] = 'A' because we're pointing to a buffer in a r/w section of memory.

But we can also do this:

Code:

my_function(name2, name);

Even if the author of my_function intended str2 to be the address of a buffer which is modifiable.

So the question is, when we define my_function, is there anyway to inside of the function definition, check to see whether or not the passed-in arguments point to read-only or modifiable/buffer memory? Thank you.

After reading this question I remembered that string literals are stored in a different section of memory, so I began to wonder if the memory location could be deciphered for a variable which might give a clue to this. While this kind of thing is beyond me, I think I did find something interesting. The following is an excerpt I found from a stackoverflow post that deals with a similar question. Unfortunately I don't use linux so I don't recognize the linux commands.

Code:

#include <stdio.h>

int main() {
    char *s = "abc";
    printf("%s\n", s);
    return 0;
}

Compile and decompile:

gcc -ggdb -std=c99 -c main.c
objdump -Sr main.o

Output contains:
char *s = "abc";
8: 48 c7 45 f8 00 00 00 movq $0x0,-0x8(%rbp)
f: 00
c: R_X86_64_32S .rodata

So the string is stored in the .rodata section.

Then:
readelf -l a.out
Contains (simplified):

Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
[Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
LOAD 0x0000000000000000 0x0000000000400000 0x0000000000400000
0x0000000000000704 0x0000000000000704 R E 200000

Section to Segment mapping:
Segment Sections...
02 .text .rodata

This means that the default linker script dumps both .text and .rodata into a segment that can be executed but not modified (Flags = R E). Attempting to modify such a segment leads to a segfault in Linux.

-Ciro Santilli

Of course this is supposed to vary by platform, but it is interesting anyway.

----------
So it seems that by doing an object dump you can find out where it is stored which would give you what kind of variable it is right? .rodata for linux, .rdata for windows? Could this data be loaded into the C compiler and parsed?

Not in any portable way.

On *IX compatible operating systems, you could wrap a signal handler to trap segfaults around the attempt to write to the memory.