I was just experiminting with the following C code and i noticed something interesting.. The first loop runs fine, but from the second loop the variable r1 occupies the kernel address space(ffffffffe) and instead of randomly changing as it is supposed to, all the consecutive loops show r1 as occupying the same address space. Further, when i tried to access the content of that address space my antivirus caught this program as a piece of malicious code.

#include<stdio.h>
#include<conio.h>

void funct1(){
    char *r1;
    char r2;
    int count=0;
    printf("r1= %x r2= %x\n",r1,&r2);
    //printf("*r1=",*r1);-- unable to open, permission denied, takes as a virus
    printf("\nin hex: %x\n",r1-(&r2));//print difference between address spaces as hex
    printf("\nin char: %c\n",r1-(&r2));//print difference between address spaces as char
    printf("\nin decimal: %d\n",r1-(&r2));//print difference between address spaces as decimal
    r1=&r2;
    printf("After: r1= %x r2= %x\n\n",r1,&r2);
    getch();
        funct1();
}

int main()
{
    funct1();
    getch();
    return 0;
}

Can someone help me understand as to why this occurs?

  • Warning : Running the code multiple times caused my C-free compiler to crash on my Windows Machine.

Edited 4 Years Ago by freddyk

You use the value of r1 at lines 8, 10, 11 and 12 (and 9 if you uncomment it) before initialising or assigning it (which you do at line 13).

Using an automatic scope variable without initialising it is undefined behaviour. There is no need for further explaination undefined behaviour means anything could happen.

You should always initialise automatic scope variables to some sensible value before using them.

You are correct Banfa. I agree that it can cause undefined behaviour. But the real question here is why the kernel address space is used. Despite the reason of "undefined behaviour" shouldn't the compiler or something block the code from accessing anything other than the local address space?

It doesn't matter, its just uninitialized memory. Why do you think its a memory pointer? It could just as easily be a signed/unsigned interger...Memory is not self defining, its whatever we(the program) say it is.

Any uninitialized variable will contain whatever is in that chunk of system memory (automatics are on the stack, so whatever was in that stack space). If you were to run a function in a loop, since the stack when the function is run will always be at the same place, if you don't initialize the variables, they will always have the same data values. A pointer will happily point to whatever is in that stack frame, which in your case is kernel memory, probably because that stack address had previously been used by something that set it that way.

This is why, using uninitialized automatic or class member variables will result in "undefined" behavior. Caveat Programmer! (Programmer Beware!). If you want to use a language that protects you from such things, then don't use C/C++... :rolleyes:

This article has been dead for over six months. Start a new discussion instead.