
Memory protection in C

Is there no memory protection in C? Can a process edit any memory space? How does C determine that memory is allocated; is it stored somewhere? For instance:

#include <stdio.h>

int main(void)
{
    int a[2] = {2, 3};
    int *ptrA = a;      /* &a has type int (*)[2], not int *; the array decays to int * */

    int b = 10;
    int *ptrB = &b;

    /* Out-of-bounds accesses kept as posted: this is the undefined behaviour being asked about */
    printf("%d ", *(ptrA + 1009));
    *(ptrA + 1009) = 10;
    printf("%d \n", *(ptrA + 1009));

    printf("%d ", *(ptrB + 1009));
    *(ptrB + 1009) = 10;
    printf("%d\n", *(ptrB + 1009));
    return 0;
}

Here a pointer to unallocated memory has read/write access. The snippet compiles and runs with a warning. Is it undefined behaviour/machine dependent?

Memory protection doesn't mean what you think it means: It's measures to stop a process from accessing memory it shouldn't access. However, processes of course can access their own memory, which C/C++ and a lot of other languages let you do.

Here pointer to unallocated memory has read/write access.

Dereferencing a pointer into unallocated memory is what we call a bug in your software :) However, it's totally OK that your compiler lets you do that. C/C++ don't have your back; if you want to juggle with pointers, by all means, do. You will provoke undefined behaviour or segmentation faults if the addresses you try to access are not mapped in your process's memory (that's memory protection at work), but these languages let you do that.

No, there is no built-in memory protection in C, but using a pointer to access memory outside the object to which it points -- as your code does -- invokes undefined behavior. "Undefined behavior" does not mean that the program must fail or emit any particular diagnostic. Those are permissible results, but if they were required then that would be defined behavior.

The C/C++ standards don't have any requirements for dereferencing addresses. They provide access to raw memory so are general enough to be valid on bare metal, virtual memory systems, etc... So, as far as the language is concerned, it is perfectly valid to access a variable through an offset of a pointer to another variable or any memory reference in general. It is undefined behavior though, so the actual behavior generally depends on the runtime and/or operating system and/or hardware.

The compiler is free to add bounds checks to all memory references though. However, the general benefit of C/C++ is raw access to memory. Runtime bounds checking is generally too expensive to be practical for production use, but it is often used in debugging to find these types of errors. For a good example of runtime bounds checking, see valgrind or clang address sanitizer.

Most compilers will provide basic static bounds check warnings though. You can (should) generally turn them into errors using a switch like -Werror. There are also various static analyzers that will identify potential and verifiable out of bounds accesses.
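The answers above say the language itself does no checking, so the check has to be written in. The following is an added example (not code from the thread or any of its answers) of the usual C idiom for that: carry the length next to the pointer and refuse any access outside it. The `int_span` type, the `span_get`/`span_set` functions and the two `demo_*` functions are assumptions of this example, and the arrays inside them reconstruct the question's `a` and `b`.

```c
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* A bounded view over an int array: the pointer travels with its length,
 * so every access can be validated before the dereference happens.
 * (Example type, not part of the original thread.) */
struct int_span {
    int *data;
    size_t len;
};

/* Build a span from a real array (not from a pointer, which has no length). */
#define SPAN_FROM_ARRAY(arr) \
    ((struct int_span){ (arr), sizeof(arr) / sizeof((arr)[0]) })

/* Read element idx into *out. Returns false and leaves *out untouched when
 * idx is outside [0, len). A negative offset converted to size_t wraps to a
 * huge value and is rejected by the same comparison. */
bool span_get(struct int_span s, size_t idx, int *out)
{
    if (idx >= s.len) return false;
    *out = s.data[idx];
    return true;
}

/* Write value at idx; same contract as span_get. */
bool span_set(struct int_span s, size_t idx, int value)
{
    if (idx >= s.len) return false;
    s.data[idx] = value;
    return true;
}

/* Mirrors the question's read-then-write probe at one offset, but through
 * the checked interface. Returns how many of the two accesses were refused. */
int probe_offset(struct int_span s, size_t offset)
{
    int rejected = 0;
    int v;
    if (!span_get(s, offset, &v)) rejected++;
    if (!span_set(s, offset, 10)) rejected++;
    return rejected;
}

/* Constructed input reproducing the question's a[2] and b at offset 1009.
 * Both reads and both writes are refused, so this returns 4. */
int demo_out_of_bounds_rejections(void)
{
    int a[2] = {2, 3};
    int b = 10;
    struct int_span sa = SPAN_FROM_ARRAY(a);
    struct int_span sb = { &b, 1 };
    return probe_offset(sa, 1009) + probe_offset(sb, 1009);
}

/* In-bounds accesses still work normally: writes 10 to a[1] and reads it back. */
int demo_in_bounds_write(void)
{
    int a[2] = {2, 3};
    struct int_span sa = SPAN_FROM_ARRAY(a);
    int v = -1;
    if (!span_set(sa, 1, 10) || !span_get(sa, 1, &v)) return -1;
    return v;
}

int main(void)
{
    printf("rejected out-of-bounds accesses: %d\n", demo_out_of_bounds_rejections());
    printf("a[1] after checked write: %d\n", demo_in_bounds_write());
    return 0;
}
```

The check costs one comparison per access, which is the "too expensive for production" trade-off the answer mentions only when applied blindly to every raw dereference; applied at the boundaries of a module it is cheap. To catch the unchecked version from the question at runtime instead, compile it with clang's `-fsanitize=address` (the address sanitizer the answer refers to), which reports the out-of-bounds read on the first `printf` rather than letting it silently succeed.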
