understanding sbrk(0)
Hi,
I have a very simple program in C
#include <stdio.h>
#include <unistd.h>   /* sbrk() */

int main(void)
{
    long *p;
    p = sbrk(0);                 /* increment of 0: just report the current break */
    printf("p = %p\n", (void *)p);
    return 0;
}
Every time I run this, it gives a different value of p. My questions
are:
1) What does sbrk(0) do? Man page says that it gives a location of
program break. What does "program break" mean?
2) If p is the location where the heap part of the process address
space points, then shouldn't it be the same every time? (to my poor
knowledge)
3) If I do cat /proc/<pid of this process>/maps the region mappings
given are the same everytime except for one section which is equal to
the value of p in the program? What does that mean?
Thanks in advance
Ash
Paul Pluzhnikov 2004-10-27, 5:52 pm
amujoo@yahoo.com (Ash) writes:
> Every time I run this, it gives a different value of p. My questions
> are:
You need to specify your system: on my system that program gives
*the same* value for "p" every time.
> 1) What does sbrk(0) do? Man page says that it gives a location of
> program break. What does "program break" mean?
http://docs.sun.com/db/doc/802-1954/6i5v01d57?a=view
> 2) If p is the location where the heap part of the process address
> space points, then shouldnt it be the same everytime? (to my poor
> knowledge)
It should be, except you are probably running on a recent Linux
system with 'exec-shield' enabled.
Disable it with (as root): 'echo 0 > /proc/sys/kernel/exec-shield'
and try again.
Read more about exec-shield here:
http://people.redhat.com/mingo/exec...NCE-exec-shield
Cheers,
--
In order to understand recursion you must first understand recursion.
Remove /-nsp/ for email.
You are right, it works. But I didn't understand what exec shield has to
do with the sbrk(0) value?
Paul Pluzhnikov <ppluzhnikov-nsp@charter.net> wrote in message news:<m3sm80nr1t.fsf@salmon.parasoft.com>...
> amujoo@yahoo.com (Ash) writes:
>
>
> You need to specify your system: on my system that program gives
> *the same* value for "p" every time.
>
>
> http://docs.sun.com/db/doc/802-1954/6i5v01d57?a=view
>
>
> It should be, except you are probably running on a recent Linux
> system with 'exec-shield' enabled.
>
> Disable it with (as root): 'echo 0 > /proc/sys/kernel/exec-shield'
> and try again.
>
> Read more about exec-shield here:
> http://people.redhat.com/mingo/exec...NCE-exec-shield
>
> Cheers,
Paul Pluzhnikov 2004-11-01, 2:47 am
amujoo@yahoo.com (Ash) writes:
A. Because doing so makes the conversation harder to read.
Q. Why should I not top-post?
Please do not top post. Rest of the message re-ordered.
> Paul Pluzhnikov <ppluzhnikov-nsp@charter.net> wrote:
> You are right, it works. But I didn't understand what exec shield has to
> do with the sbrk(0) value?
Have you read the article on exec-shield? It appears not ...
Exec-shield attempts to randomize placement of the executable. Since
the value of sbrk(0) at startup has a fixed relationship to the
executable load address, exec-shield also randomizes the value
returned by sbrk(0).
Cheers,
--
In order to understand recursion you must first understand recursion.
Remove /-nsp/ for email.
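A small program to see the "fixed relationship" Paul describes for yourself. This is an added example, not code from the thread: it prints the address of a static variable in the executable's .bss, the current break, and the distance between them, and it reads /proc/sys/kernel/randomize_va_space, which on later mainline kernels replaced exec-shield's /proc/sys/kernel/exec-shield knob (the 0/1/2 meanings below are the kernel's documented ones; the file name and Linux/glibc are assumed). Run it twice and compare: at setting 1 the absolute addresses move but the offset stays put, which is Paul's point; at setting 2 the kernel also randomises the start of the break area, so even the offset changes from run to run.

```c
/* Added example (not from the thread): where the initial break sits
 * relative to the executable's own data, and whether the kernel is
 * randomising it.  Linux/glibc assumed. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE      /* exposes sbrk() in <unistd.h> */
#endif
#include <stdio.h>
#include <stdint.h>
#include <unistd.h>

/* A zero-initialised static lives in the executable's .bss, the last
 * loaded segment; the break starts just above it (plus any random gap). */
static int bss_marker;

/* Distance in bytes from our .bss variable up to the current break.
 * Assumption: the kernel always places the break above the executable's
 * data, so this is positive.  If it is also identical on every run, the
 * break is not being randomised independently of the executable. */
long break_offset_from_bss(void)
{
    uintptr_t brk = (uintptr_t)sbrk(0);
    return (long)(brk - (uintptr_t)&bss_marker);
}

/* /proc/sys/kernel/randomize_va_space: 0 = no randomisation,
 * 1 = stack, mmap base and PIE load address randomised,
 * 2 = additionally the start of the break (heap) randomised.
 * Returns that digit, or -1 if the file cannot be read. */
int randomize_va_space_setting(void)
{
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    int c;
    if (f == NULL)
        return -1;
    c = fgetc(f);
    fclose(f);
    return (c >= '0' && c <= '9') ? c - '0' : -1;
}

int main(void)
{
    printf("randomize_va_space = %d\n", randomize_va_space_setting());
    printf("&bss_marker        = %p\n", (void *)&bss_marker);
    printf("sbrk(0)            = %p\n", sbrk(0));
    printf("offset             = %ld bytes\n", break_offset_from_bss());
    return 0;
}
```

The offset is computed through uintptr_t rather than by subtracting the two pointers directly, because the break and the .bss variable are not part of the same object and direct pointer subtraction between them is undefined in C.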
Paul Pluzhnikov <ppluzhnikov-nsp@charter.net> wrote in message news:<m34qkaavmw.fsf@salmon.parasoft.com>...
> amujoo@yahoo.com (Ash) writes:
>
> A. Because doing so makes the conversation harder to read.
> Q. Why should I not top-post?
>
> Please do not top post. Rest of the message re-ordered.
>
>
>
> Have you read the article on exec-shield? It appears not ...
>
> Exec-shield attempts to randomize placement of the executable. Since
> the value of sbrk(0) at startup has a fixed relationship to the
> executable load address, exec-shield also randomizes the value
> returned by sbrk(0).
>
> Cheers,
Here is another problem that I face: Consider the following program
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#ifndef PAGE_SIZE
#define PAGE_SIZE 4096          /* not defined by the standard headers */
#endif

int main(void)
{
    int fd;
    ssize_t n;
    char *p, buf[5 * PAGE_SIZE];
    unsigned long brk;

    brk = (unsigned long) sbrk(0);
    printf("brk = %p\n", (void *) brk);
    /**********************/
    p = (char *)malloc(10);     /* the "highlighted" line */
    /**********************/
    fd = open("/proc/self/maps", O_RDONLY);
    p = buf;
    /* read only as much as fits, leaving room for the terminating NUL */
    while ((n = read(fd, p, buf + sizeof buf - 1 - p)) > 0)
        p += n;
    *p = '\0';
    printf("%s\n", buf);
    return 0;
}
This simple program is trying to print the process break value and the
process address space mappings.
If the highlighted line is included in the program, then the brk value
corresponds to one of the addresses printed in the mappings.
If the highlighted line is removed from this program, then the brk value is
some arbitrary value that doesn't exist in the address space mappings.
Why?
You can easily understand the problem if you compile and run this
program.
it. Thanks
Jonathan Adams 2004-11-04, 5:50 pm
In article <m3654o9rxn.fsf@salmon.parasoft.com>,
Paul Pluzhnikov <ppluzhnikov-nsp@charter.net> wrote:
> amujoo@yahoo.com (Ash) writes:
>
> The malloc(10) performed brk() call "behind the scenes" to increment
> the break value [1], and the kernel reflected this fact in the
> /proc/self/maps.
>
> [1] You can see that by running your program under 'strace', and
> you'll do well to study strace's output.
>
>
> It is not at all arbitrary. It is "just past" the program data segment.
Not always -- the various mapping-randomization patches for Linux will
randomize it as well, for example.
- jonathan
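An added example, not the poster's program, that turns Ash's observation and Paul's quoted explanation (malloc() extending the break, and the kernel then showing it in /proc/self/maps) into a check: it parses /proc/self/maps and reports whether the current break coincides with the end of some mapping, once before and once after a single small malloc(). Linux and glibc are assumed; the file is read with read() rather than stdio so that the reading itself does not allocate and move the break while we are looking at it.

```c
/* Added example (not the poster's code): read /proc/self/maps and test
 * whether the current break coincides with the end of a mapping, before
 * and after one small malloc().  Linux/glibc assumed. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE      /* exposes sbrk() in <unistd.h> */
#endif
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Read /proc/self/maps into a caller-supplied buffer without overrunning
 * it, NUL-terminate it, and return the byte count (or -1 on open failure). */
static ssize_t read_maps(char *buf, size_t cap)
{
    int fd = open("/proc/self/maps", O_RDONLY);
    size_t used = 0;
    ssize_t n;
    if (fd < 0)
        return -1;
    while (used < cap - 1 && (n = read(fd, buf + used, cap - 1 - used)) > 0)
        used += (size_t)n;
    close(fd);
    buf[used] = '\0';
    return (ssize_t)used;
}

/* 1 if some mapping ends exactly at the current break (i.e. the break is
 * a boundary the kernel has materialised, normally the end of [heap]),
 * 0 if no mapping does, -1 if /proc/self/maps could not be read. */
int break_is_mapping_boundary(void)
{
    static char buf[64 * 1024];          /* static: needs no allocation */
    uintptr_t brk = (uintptr_t)sbrk(0);  /* sample the break first */
    char *line;
    if (read_maps(buf, sizeof buf) < 0)
        return -1;
    /* each line starts "start-end perms offset dev inode [path]" */
    for (line = strtok(buf, "\n"); line != NULL; line = strtok(NULL, "\n")) {
        unsigned long start, end;
        if (sscanf(line, "%lx-%lx", &start, &end) == 2 && end == brk)
            return 1;
    }
    return 0;
}

int main(void)
{
    /* evaluate before the first printf: stdout's buffer is itself malloc'd */
    void *brk_before = sbrk(0);
    int   hit_before = break_is_mapping_boundary();
    void *p = malloc(10);                /* forces a brk() behind the scenes */
    void *brk_after  = sbrk(0);
    int   hit_after  = break_is_mapping_boundary();

    printf("before malloc: brk=%p  on mapping boundary=%d\n", brk_before, hit_before);
    printf("after  malloc: brk=%p  on mapping boundary=%d\n", brk_after,  hit_after);
    free(p);
    return 0;
}
```

After the malloc() the answer is 1, because glibc has called brk() to grow the heap and the kernel now has a [heap] mapping whose end is the new break. Before it, the answer depends on the randomisation Jonathan mentions: with the break placed at a random gap above the executable there is no mapping there yet, so sbrk(0) is exactly the "arbitrary value that doesn't exist in the mappings" Ash saw. Running the program under strace, as Paul suggests, shows the brk() call between the two samples.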