
What are the dangers of floating point exceptions on invalid input?

I ran some fuzzing on dcraw and found a floating point exception.

What are the dangers of this? It reads some length plen from the corrupted file and computes foo[i % plen]. If plen == 0 then this is undefined by the standard and gcc throws a floating point exception. EDIT: And the exception is not caught (this is C) and the program terminates.

Should I care? Is there any scenario where this could be exploited or cause other bad things? One possible correct behaviour of the code would be to notice that the file is corrupted and just exit. How is that different than throwing a FPE and then exiting?

(I'm surprised that I haven't found a question on this because this seems very basic to me.)

> If plen == 0 then this is undefined by the standard ...

Exactly. That means, a compiler is free to assume it doesn't happen. This code, for example

int foo(int m, int n) {
    if(n == 0) return m % n;
    return 0;
}

is compiled to

foo:                                    # @foo
    xorl    %eax, %eax
    ret

by clang -std=c99 -S -O2 on my machine (Intel x86). The if branch is assumed never to be entered and foo returns 0 unconditionally. No FPE, no crash. (I couldn't find a similar small example with gcc, unfortunately.)

> ... and gcc throws a floating point exception.

Not quite. That's your CPU if code tries to divide by zero. But, as said above, there is no guarantee that such code is generated at all.

I doubt that GCC defines anything here (and couldn't find anything indicating that in the documentation).

> Should I care? Is there any scenario where this could be exploited or cause other bad things? One possible correct behaviour of the code would be to notice that the file is corrupted and just exit. How is that different than throwing a FPE and then exiting?

You should care. With some bad luck, your programme could proceed with a wrong input file, see above.

And an error message "Invalid input file." is much nicer in my opinion than just "Floating-point exception.". The former tells me (as the end user) what's wrong, the latter only tells me that there is a bug in the software (I would consider it such).
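The "notice that the file is corrupted and exit" behaviour discussed above, as an added example that is not code from the posts or from dcraw. The record layout, function name, error codes and TABLE_MAX are hypothetical, and the sample buffers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical error codes and limit for this example. */
enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_BAD_LENGTH = -2 };
#define TABLE_MAX 16u

/* Constructed sample inputs: 2-byte little-endian plen, then table bytes. */
const uint8_t SAMPLE_OK[]    = {0x02, 0x00, 1, 2};
const uint8_t SAMPLE_ZERO[]  = {0x00, 0x00, 1, 2};  /* plen == 0 */
const uint8_t SAMPLE_SHORT[] = {0x04, 0x00, 1};     /* plen > bytes present */

/* Reads plen from an untrusted buffer and uses it as a modulus, like
 * foo[i % plen] in the question. Every check on plen happens before the
 * % operator is reached, so no undefined behaviour is ever executed. */
int sum_pattern(const uint8_t *buf, size_t len, uint32_t *out)
{
    if (len < 2)
        return PARSE_TRUNCATED;
    uint32_t plen = (uint32_t)buf[0] | ((uint32_t)buf[1] << 8);

    if (plen == 0 || plen > TABLE_MAX)  /* i % 0 is undefined in C */
        return PARSE_BAD_LENGTH;
    if (len - 2 < plen)                 /* table must be fully present */
        return PARSE_TRUNCATED;

    const uint8_t *table = buf + 2;
    uint32_t sum = 0;
    for (uint32_t i = 0; i < 64; i++)
        sum += table[i % plen];         /* plen is in 1..TABLE_MAX here */
    *out = sum;
    return PARSE_OK;
}

int main(void)
{
    uint32_t sum;
    if (sum_pattern(SAMPLE_ZERO, sizeof SAMPLE_ZERO, &sum) != PARSE_OK) {
        fputs("Invalid input file.\n", stderr);  /* defined exit path */
        return 1;
    }
    printf("%u\n", (unsigned)sum);
    return 0;
}
```
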

Exceptions are thrown to enable you to restore the system to a well defined state after unexpected things happened.

A thrown exception does not restore the system to a well defined state. That's your responsibility. Any exploitation happens on the basis of how you do that, not on the basis of the thrown exception itself.

Regarding "Is there any scenario where this could be exploited or cause other bad things?"

Recovering from an exception entirely depends on the context in which the exception was thrown. If the exception was thrown by some calculation, the result of which is needed to move forward, then it's better to halt the system.

However, if your exception is thrown for something which can be ignored, or for which other default options could be provided, then you could surely move on from that.

For example:

Let's say I am reading an .ini file using Boost program options. On account of some missing variables in the .ini file there was some exception. In this case I can recover from the exception by providing some suitable default value to that variable.
