What does uninitialized read mean?

Time:09-23

Someone said an uninitialized read is accessing an unwritten but allocated memory space. And someone else said it is accessing an unallocated memory space. So I am here to double-check the meaning. BTW: could you briefly explain what "written" and "allocated" mean?

CodePudding user response:

Here you have some examples of the uninitialized read.

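#include <stdio.h>
#include <stdlib.h>

void foo(void)
{
    int x;                       // automatic storage, never assigned
    int *y = malloc(sizeof(*y)); // allocated, but *y is never written

    // both x and *y are read before anything was stored in them
    printf("x = %d *y = %d\n", x, *y);
}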

Reading the uninitialized object in the memory invokes Undefined Behaviour.

Correct:

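#include <stdio.h>
#include <stdlib.h>

int i;  // this one is initialized to zero as it has static storage duration

void foo(void)
{
    int w = 5;
    int x;
    int *y = malloc(sizeof(*y));
    int *z = &w;
    int *v = calloc(1, sizeof(*v)); // calloc zero-fills the allocation
    static int s; // this one is initialized to zero as it has static storage duration

    if (y == NULL || v == NULL) { // allocation can fail; do not dereference NULL
        free(y);
        free(v);
        return;
    }

    x = 10;   // written before it is read
    *y = 35;  // written before it is read

    printf("w = %d, x = %d, *y = %d, *z = %d, *v = %d\n", w, x, *y, *z, *v);
    printf("i = %d, s = %d\n", i, s);

    free(y);
    free(v);
}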

CodePudding user response:

Hard to say without full context but here are my best guesses --

uninitialized read -- you would say this when a variable or structure is read from memory without a value or default having been written to it. Thus you are reading uninitialized (random) data. If a hacker could write to that memory location they could cause your system to act unexpectedly.*

TO FIX: make sure all allocated data and structures have default values written to them.

unallocated memory -- this is memory that has not specifically been marked as used by your application. This means any application or system could write to this memory and impact your system (since you are not reading from space that is designated for your application).

TO FIX: make sure you allocate all memory you use using your memory management system of choice.

*It has been pointed out that the system might behave unexpectedly anyway, but the fact the system could be controlled by an outside agency was my point.
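
The difference between "allocated" and "written" that the question asks about, as an added example that is not part of any answer on this page: memory handed to a new owner still holds whatever its previous owner stored there until something is written over it. The allocator (`toy_alloc`, `toy_release_all`) is a hypothetical stand-in for malloc/free over a static pool so that the stale bytes can be counted with well-defined reads, and the secret string is a constructed sample.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical toy allocator over a static pool, so every read below is
   well-defined C (reading real malloc() memory before writing it is not). */
static unsigned char pool[64];
static size_t pool_used;

/* "Allocate": reserve n bytes for the caller. Nothing is written to them. */
static void *toy_alloc(size_t n)
{
    if (n > sizeof pool - pool_used) return NULL;
    void *p = pool + pool_used;
    pool_used += n;
    return p;
}

/* Release everything. Like free(), this does not erase the old bytes. */
static void toy_release_all(void) { pool_used = 0; }

/* Counts reply bytes holding data that the current request never wrote. */
int leaked_bytes(int zero_on_alloc)
{
    static const char secret[16] = "SECRET-TOKEN-42"; /* constructed sample */
    memset(pool, 0, sizeof pool);
    toy_release_all();

    char *old = toy_alloc(sizeof secret);     /* earlier owner of the memory */
    if (!old) return -1;
    memcpy(old, secret, sizeof secret);
    toy_release_all();

    unsigned char *reply = toy_alloc(16);     /* allocated, not yet written */
    if (!reply) return -1;
    if (zero_on_alloc) memset(reply, 0, 16);  /* what calloc() adds */
    memcpy(reply, "OK", 2);                   /* only 2 of 16 bytes written */

    int leaked = 0;
    for (size_t i = 2; i < 16; i++)           /* bytes the request never set */
        if (reply[i] != 0) leaked++;
    return leaked;
}

int main(void)
{
    printf("plain: %d stale bytes, zeroed: %d stale bytes\n",
           leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```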

CodePudding user response:

The full definition of initialization is given in 6.7.8 Initialization.

The full definition is long (pages 125-130) and has many examples and I will not repeat them here.
