Date: Tue, 2 Sep 1997 19:58:41 -0700 (PDT)
Message-Id: <199709030258.TAA10287@adit.ap.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: djgpp AT delorie DOT com
From: Nate Eldredge
Subject: Re: More string problems!
Precedence: bulk

At 08:16 8/29/1997 GMT, Paul Derbyshire wrote:
>> chr, buf and text are uninitialized pointers. Since they have automatic
>> scope in this case, they may be pointing anywhere. What is worse, you
>> have not claimed the memory they are pointing to, so writing to those
>> areas can do anything from just what you expected to eating your hard
>> drive alive.
>
>Not in protected mode. :-) You might get erratic results, what you
>expected, or it might seg out, but only in real mode could it trash your
>disk FATs.

Well... okay, off to the land of highly unlikely hypothetical situations.

In DJGPP the code segment is mapped as a piece of the data segment. If an
uninitialized pointer were to point there, it could modify the code being
executed. Something like a "mov _dos_ds,%ds" could theoretically result,
causing writes to conventional memory and the aforementioned trashing.

It's my opinion that the code and data segments should not overlap by
default. This is one reason. Another was a posting some time ago by
somebody whose program had a similar bug: it overwrote the code that
contained the bug and made it very difficult to debug.

I realize things like DXEs that use live data would be less convenient,
but it would be simple to make an alias of the code segment selector with
different access rights and use that, thus keeping accesses relative to DS
completely safe and protected.

Nate Eldredge
eldredge AT ap DOT net
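An added example, not code from Nate's message or from DJGPP: a debug-build check that refuses a string write whose destination lies inside the program's own machine code, which is the silent-corruption case described above. It assumes an ELF toolchain whose default linker script provides the `__executable_start` and `etext` symbols (GNU ld or lld); on a system with page protection such a write would fault anyway, so the value of the check is in naming the wild pointer before it is dereferenced.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Linker-provided symbols (assumption: GNU ld or lld default ELF linker
 * script; see etext(3)).  __executable_start is the first byte of the
 * image, etext the first byte past .text.  Neither is in any header. */
extern char __executable_start;
extern char etext;

/* 1 if p lies inside this program's own machine code, else 0. */
int points_into_code(const void *p)
{
    uintptr_t a = (uintptr_t)p;
    return a >= (uintptr_t)&__executable_start && a < (uintptr_t)&etext;
}

/* The pointers in the thread (chr, buf, text) had automatic storage and
 * were never pointed at memory the program owned.  On DJGPP, where the code
 * segment is aliased into the data segment, a write through such a pointer
 * can land in the code itself.  This wrapper refuses a destination that is
 * NULL or inside .text, so a debug build reports the wild pointer instead
 * of silently patching its own instructions.  Returns 0 on success, -1 when
 * the write was refused. */
int guarded_strcpy(char *dst, const char *src)
{
    if (dst == NULL || points_into_code(dst)) {
        fprintf(stderr, "refused write to %p: NULL or inside code\n",
                (void *)dst);
        return -1;
    }
    strcpy(dst, src);
    return 0;
}

int main(void)
{
    char buf[32];                          /* storage the program owns */
    int ok = guarded_strcpy(buf, "hello");
    /* constructed bad destination: a function's address, which is in .text */
    int refused = guarded_strcpy((char *)(uintptr_t)&points_into_code, "x");
    printf("stack buffer: %d (%s), code address: %d\n", ok, buf, refused);
    /* prints: stack buffer: 0 (hello), code address: -1 */
    return 0;
}
```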