1 registered members (monk12),
1,487
guests, and 9
spiders. |
Key:
Admin,
Global Mod,
Mod
|
|
|
Re: Assertion macro
[Re: WretchedSid]
#343412
10/06/10 04:23
10/06/10 04:23
|
Joined: Mar 2002
Posts: 1,774 Magdeburg
FlorianP
Serious User
|
Serious User
Joined: Mar 2002
Posts: 1,774
Magdeburg
|
The lite-C compiler is a pretty lightweight thingy for using the engine - it was never intended to replace 'real' c-compilers. If you have 'a clue' about assembler then why would you take the limitations of lite-c instead of using f.i. c++? Mostly because SED lacks basic features that are pretty much standard when developing larger programs
I <3 LINQ
|
|
|
Re: Assertion macro
[Re: FlorianP]
#343415
10/06/10 06:31
10/06/10 06:31
|
Joined: Apr 2007
Posts: 3,751 Canada
WretchedSid
OP
Expert
|
OP
Expert
Joined: Apr 2007
Posts: 3,751
Canada
|
Yeah, SED is really far far behind a real IDE, but this is imo no reason to castrate the compiler... And for the record: I use a C++ compiler for my library and this isn't a Lite-c only project, in fact its just a port and I don't want to maintain two versions of my library (Once the normal one and then the Lite-C one with dll and extra header). Even a simple inline assembler would do the trick.
Edit: Und wenn ein inline assembler auf gar keinen Fall rein kommt, wie wäre es mit der Möglichkeit .s files direkt zu kompilieren? Das bisschen um eine Funktion herum is ja jetzt auch kein Hindernis.
Last edited by JustSid; 10/06/10 06:36.
Shitlord by trade and passion. Graphics programmer at Laminar Research. I write blog posts at feresignum.com
|
|
|
Re: Assertion macro
[Re: Bunsen]
#343418
10/06/10 09:06
10/06/10 09:06
|
Joined: Jan 2003
Posts: 4,615 Cambridge
Joey
Expert
|
Expert
Joined: Jan 2003
Posts: 4,615
Cambridge
|
double fmod_native(double x, double y)
{
double ptr(double,double);
static char machine_code[] = {
0x55, // push ebp
0x8B, 0xEC, // mov ebp, esp
0xDD, 0x45, 0x10, // fld qword ptr [ebp+0x10]
0xDD, 0x45, 0x08, // fld qword ptr [ebp+0x08]
0xD9, 0xF8, // fprem
0xDD, 0x5D, 0xF8, // fstp qword ptr [ebp-0x08]
0xDD, 0xD8, // fstp st(0)
0xDD, 0x45, 0xF8, // fld qword ptr [ebp-0x08]
0x5D, // pop ebp
0xC3 // ret
};
ptr = machine_code;
ptr(x, y);
}
void main()
{
printf("fmod(7.0, 5.0) = %f", fmod_native(7.0, 5.0));
}
this is a security risk and should definitely not work. that's exactly how hackers inject code and execute it. i thought this would be gone with the no execution bit on newer processors...
|
|
|
Re: Assertion macro
[Re: Joey]
#343420
10/06/10 09:18
10/06/10 09:18
|
Joined: Apr 2007
Posts: 3,751 Canada
WretchedSid
OP
Expert
|
OP
Expert
Joined: Apr 2007
Posts: 3,751
Canada
|
Thats not a security risk and not the same way hackers inject code into your application.
However, I agree that this isn't the nicest and cleanest solution and that there is a need for an official inline assembler function/macro/what ever.
Shitlord by trade and passion. Graphics programmer at Laminar Research. I write blog posts at feresignum.com
|
|
|
Re: Assertion macro
[Re: Joey]
#343549
10/07/10 06:47
10/07/10 06:47
|
Joined: Apr 2007
Posts: 3,751 Canada
WretchedSid
OP
Expert
|
OP
Expert
Joined: Apr 2007
Posts: 3,751
Canada
|
No it isn't. The memory is accessible for your application and the kernel. There is no way to let user input new commands so every other access would result in an segfault. What hackers uses are overflows to inject new code, thats why strcpy() is a bad function.
Shitlord by trade and passion. Graphics programmer at Laminar Research. I write blog posts at feresignum.com
|
|
|
Re: Assertion macro
[Re: WretchedSid]
#343581
10/07/10 14:18
10/07/10 14:18
|
Joined: Jan 2003
Posts: 4,615 Cambridge
Joey
Expert
|
Expert
Joined: Jan 2003
Posts: 4,615
Cambridge
|
let's ask allmighty wikipedia: [the nx-bit] is used to prevent certain types of malicious software from taking over computers by inserting their code into another program's data storage area and running their own code from within this section; this is known as a buffer overflow attack. That's why DATA memory should NOT be allowed to be executed. You say there is no way to let users input new commands? But in your next sentence you tell us how... well, the segmentation fault should occur if you try to execute data memory.
|
|
|
Re: Assertion macro
[Re: Joey]
#343584
10/07/10 14:30
10/07/10 14:30
|
Joined: Apr 2007
Posts: 3,751 Canada
WretchedSid
OP
Expert
|
OP
Expert
Joined: Apr 2007
Posts: 3,751
Canada
|
Interesting, you all mighty wiki says its in the last sentence: this is known as a buffer overflow attack. The posted code is in no case a buffer overflow and also not a stack overflow. I told you that you can inject new code when you let the user write into the memory by eg. don't check your strings but just use strcpy. That is _NOT_ the case in the sample code. Segfaults should also not occur when you try to execute something from the heap but only when you try to access unmapped memory.
Shitlord by trade and passion. Graphics programmer at Laminar Research. I write blog posts at feresignum.com
|
|
|
Re: Assertion macro
[Re: Joey]
#343597
10/07/10 18:24
10/07/10 18:24
|
Joined: Apr 2007
Posts: 3,751 Canada
WretchedSid
OP
Expert
|
OP
Expert
Joined: Apr 2007
Posts: 3,751
Canada
|
No, you have mistaken me. Your point was that the code is evil because hackers use this to inject new code. I wanted to show you that you are wrong because the code isn't evil, I never wanted to argue about the NX-Bit or the evil heap. (Did you know that you can also have code on the stack and execute it? What about an NX-Bit for the stack?)
And by the way, instead of writing save code without using functions that are clearly marked as evil (like strcpy), you want to prevent anyone from executing something from the heap? Thats like saying "Ouh, my teeth hurts like hell. Lets cut of my head so I don't feel 'em anymore" Just my 2 cents about the NX-Bit
Shitlord by trade and passion. Graphics programmer at Laminar Research. I write blog posts at feresignum.com
|
|
|
|