COMPUTER SYSTEMS&MOD MSGT/ET SA AC PKG
3rd Edition
ISBN: 9780134671123
Author: Bryant
Publisher: PEARSON
expand_more
expand_more
format_list_bulleted
Videos
Textbook Question
Chapter 2.3, Problem 2.37PP
Practice Problem 2.37 solution page 155
You are given the task of patching the vulnerability in the XDR code shown in the aside on page 100 for the case where both data types int and size_t are 32 bits. You decide to .eliminate the possibility of the multiplication overflowing by computing the number of bytes to allocate using data type unit64_t. You replace
In 2002, it was discovered that code supplied by Sun Microsystems to implement the XDR library, a widely used facility for sharing data structures between programs, had a security vulnerability arising from the fact that multiplication can overflow without any notice being given to the program.
Code similar to that containing the vulnerability is shown below:
The function copy_elements is designed to copy ele_cnt data structures, each consisting of ele_ size bytes into a buffer allocated by the function on line 9. The number of bytes required is computed as ele_cnt * ele_size.
Imagine, however, that a malicious programmer calls this function with ele_cnt being 1,048,577 (220 + 1) and ele_size being 4,096 (212) with the program compiled for 32 bits. Then the multiplication on line 9 will overflow, causing only 4,096 bytes to be allocated, rather than the 4,294,971,392 bytes required to hold that much data. The loop starting at line 15 will attempt to copy all of those bytes, overrunning the end of the allocated buffer, and therefore corrupting other data structures. This could 1 cause the program to crash or otherwise misbehave.
The Sun code was used by almost every
A similar vulnerability existed in many implementations of the library function calloc. These have since been patched. Unfortunately, many-programmers call allocation functions, such as malloc using arithmetic expressions as arguments, without checking these expressions for overflow. Writing a reliable version of calloc is left as an exercise (Problem 2.76)
the original call to malloc (line 9) as follows:
Expert Solution & Answer
Want to see the full answer?
Check out a sample textbook solution
Students have asked these similar questions
Methods (Ch6) - Review
1. (The MyRoot method) Below is a manual implementation of the Math.sqrt() method in Java.
There are two methods, method #1 which calculates the square root for positive integers, and
method #2, which calculates the square root of positive doubles (also works for integers).
public class SquareRoot {
public static void main(String[] args) {
}
// implement a loop of your choice here
// Method that calculates the square root of integer variables
public static double myRoot(int number) {
double root;
root=number/2;
double root old;
do {
root old root;
root (root_old+number/root_old)/2;
} while (Math.abs(root_old-root)>1.8E-6);
return root;
}
// Method that calculates the square root of double variables
public static double myRoot(double number) {
double root;
root number/2;
double root_old;
do {
root old root;
root (root_old+number/root_old)/2;
while (Math.abs (root_old-root)>1.0E-6);
return root;
}
}
Program-it-Yourself: In the main method, create a program that…
I would like to know the main features about the following 3 key concepts:1. Backup Domain Controller (BDC)2. Access Control List (ACL)3. Dynamic Memory
In cell C21, enter a formula to calculate the number of miles you expect to drive each month. Divide the value of number of miles (cell A5 from the Data sheet) by the average MPG for the vehicle multiplied by the price of a gallon of gas (cell A6 from the Data sheet).
Chapter 2 Solutions
COMPUTER SYSTEMS&MOD MSGT/ET SA AC PKG
Ch. 2.1 - Practice Problem 2.1 (solution page 143) Perform...Ch. 2.1 - Prob. 2.2PPCh. 2.1 - Prob. 2.3PPCh. 2.1 - Practice Problem 2.4 (solution page 144) Without...Ch. 2.1 - Prob. 2.5PPCh. 2.1 - Prob. 2.6PPCh. 2.1 - Prob. 2.7PPCh. 2.1 - Prob. 2.8PPCh. 2.1 - Practice Problem 2.9 solution page 146 Computers...Ch. 2.1 - Prob. 2.10PP
Ch. 2.1 - Prob. 2.11PPCh. 2.1 - Prob. 2.12PPCh. 2.1 - Prob. 2.13PPCh. 2.1 - Prob. 2.14PPCh. 2.1 - Prob. 2.15PPCh. 2.1 - Prob. 2.16PPCh. 2.2 - Prob. 2.17PPCh. 2.2 - Practice Problem 2.18 (solution page 149) In...Ch. 2.2 - Prob. 2.19PPCh. 2.2 - Prob. 2.20PPCh. 2.2 - Prob. 2.21PPCh. 2.2 - Prob. 2.22PPCh. 2.2 - Prob. 2.23PPCh. 2.2 - Prob. 2.24PPCh. 2.2 - Prob. 2.25PPCh. 2.2 - Practice Problem 2.26 (solution page 151) You are...Ch. 2.3 - Prob. 2.27PPCh. 2.3 - Prob. 2.28PPCh. 2.3 - Prob. 2.29PPCh. 2.3 - Practice Problem 2.30 (solution page 153) Write a...Ch. 2.3 - Prob. 2.31PPCh. 2.3 - Practice Problem 2.32 (solution page 153) You are...Ch. 2.3 - Prob. 2.33PPCh. 2.3 - Prob. 2.34PPCh. 2.3 - Practice Problem 2.35 (solution page 154) You are...Ch. 2.3 - Prob. 2.36PPCh. 2.3 - Practice Problem 2.37 solution page 155 You are...Ch. 2.3 - Prob. 2.38PPCh. 2.3 - Prob. 2.39PPCh. 2.3 - Practice Problem 2.40 (solution page 156) For each...Ch. 2.3 - Prob. 2.41PPCh. 2.3 - Practice Problem 2.42 (solution page 156) Write a...Ch. 2.3 - Practice Problem 2.43 (solution page 157) In the...Ch. 2.3 - Prob. 2.44PPCh. 2.4 - Prob. 2.45PPCh. 2.4 - Prob. 2.46PPCh. 2.4 - Prob. 2.47PPCh. 2.4 - Prob. 2.48PPCh. 2.4 - Prob. 2.49PPCh. 2.4 - Prob. 2.50PPCh. 2.4 - Prob. 2.51PPCh. 2.4 - Prob. 2.52PPCh. 2.4 - Practice Problem 2.53 (solution page 160) Fill in...Ch. 2.4 - Practice Problem 2.54 (solution page 160) Assume...Ch. 2 - Compile and run the sample code that uses...Ch. 2 - Try running the code for show_bytes for different...Ch. 2 - Prob. 2.57HWCh. 2 - Write a procedure is_little_endian that will...Ch. 2 - Prob. 2.59HWCh. 2 - Prob. 2.60HWCh. 2 - Prob. 2.61HWCh. 2 - Write a function int_shifts_are_arithmetic() that...Ch. 2 - Fill in code for the following C functions....Ch. 2 - Write code to implement the following function: /...Ch. 2 - Write code to implement the following function: /...Ch. 2 - Write code to implement the following function: / ...Ch. 2 - You are given the task of writing a procedure...Ch. 2 - Prob. 2.68HWCh. 2 - Write code for a function with the following...Ch. 2 - Write code for the function with the following...Ch. 2 - You just started working for a company that is...Ch. 2 - You are given the task of writing a function that...Ch. 2 - Write code for a function with the following...Ch. 2 - Write a function with the following prototype: /...Ch. 2 - Prob. 2.75HWCh. 2 - The library function calloc has the following...Ch. 2 - Prob. 2.77HWCh. 2 - Write code for a function with the following...Ch. 2 - Prob. 2.79HWCh. 2 - Write code for a function threefourths that, for...Ch. 2 - Prob. 2.81HWCh. 2 - Prob. 2.82HWCh. 2 - Prob. 2.83HWCh. 2 - Prob. 2.84HWCh. 2 - Prob. 2.85HWCh. 2 - Intel-compatible processors also support an...Ch. 2 - Prob. 2.87HWCh. 2 - Prob. 2.88HWCh. 2 - We are running programs on a machine where values...Ch. 2 - You have been assigned the task of writing a C...Ch. 2 - Prob. 2.91HWCh. 2 - Prob. 2.92HWCh. 2 - following the bit-level floating-point coding...Ch. 2 - Following the bit-level floating-point coding...Ch. 2 - Following the bit-level floating-point coding...Ch. 2 - Following the bit-level floating-point coding...Ch. 2 - Prob. 2.97HW
Additional Engineering Textbook Solutions
Find more solutions based on key concepts
What Visual Basic function would you use to get the current time from the system, without the date?
Starting Out With Visual Basic (8th Edition)
This optional Google account security feature sends you a message with a code that you must enter, in addition ...
SURVEY OF OPERATING SYSTEMS
In the following exercises, write a program to carry out the task. The program should use variables for each of...
Introduction To Programming Using Visual Basic (11th Edition)
Comprehension Check 12-5
You have three springs, with stiffness 1,2 and 3 newtons per meter [N/m], respectively...
Thinking Like an Engineer: An Active Learning Approach (4th Edition)
How is the hydrodynamic entry length defined for flow in a pipe? Is the entry length longer in laminar or turbu...
Fluid Mechanics: Fundamentals and Applications
Circumference and Area of a Circle) Heres a peek ahead. In this chapter, you learned about integers and the typ...
Java How to Program, Early Objects (11th Edition) (Deitel: How to Program)
Knowledge Booster
Learn more about
Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.Similar questions
- Microsoft Excelarrow_forwardIn cell C16, enter a formula to calculate the price of the vehicle minus your available cash (from cell A3 in the Data worksheet). Use absolute references where appropriate—you will be copying this formula across the row what fomula would i use and how do i solve itarrow_forwardWhat types of data visualizations or tools based on data visualizations have you used professionally, whether in a current or past position? What types of data did they involve? What, in your experience, is the value these data views or tools added to your performance or productivity?arrow_forward
- Question: Finding the smallest element and its row index and column index in 2D Array: 1. Write a public Java class min2D. 2. In min2D, write a main method. 3. In the main method, create a 2-D array myArray with 2 rows and 5 columns: {{10, 21, 20, 13, 1}, {2, 6, 7, 8, 14}}. 4. Then, use a nested for loop to find the smallest element and its row index and column index. 5. Print the smallest element and its row index and column index on Java Consolearrow_forward(using R)The iris data set in R gives the measurements in centimeters of the variables sepal length and width andpetal length and width, respectively, for 50 flowers from each of 3 species of iris, setosa, versicolor, andvirginica. Use the iris data set and the t.test function, test if the mean of pepal length of iris flowers isgreater than the mean of sepal length.The iris data set in R gives the measurements in centimeters of the variables sepal length and width andpetal length and width, respectively, for 50 flowers from each of 3 species of iris, setosa, versicolor, andvirginica. Use the iris data set and the t.test function, test if the mean of pepal length of iris flowers isgreater than the mean of sepal length.arrow_forwardRecognizing the Use of Steganography in Forensic Evidence (4e)Digital Forensics, Investigation, and Response, Fourth Edition - Lab 02arrow_forward
- Write a Java Program to manage student information of a university. The Javaprogram does the following steps:a) The program must use single-dimensional arrays to store the studentinformation such as Student ID, Name and Major.b) The program asks the user to provide the number of students.c) The program asks the user to enter the Student IDs for the number of studentsand stores them.d) The program asks the user to enter the corresponding names for the numberof students and stores them.e) The program then asks the user to provide the corresponding major for thestudents and stores them.f) The program then should display the following options:1. ID Search2. Major Enrollment3. Exitg) On selecting option 1, the user can search for a student using Student ID. Theprogram asks the user to enter a Student ID. It then should print thecorresponding student’s details such as Name and Major if the user providedStudent ID number is present in the stored data. If the user’s Student IDnumber does not…arrow_forward(a) Algebraically determine the output state |q3q2q1q0> (which is a 4-qubitvector in 16-dimensional Hilbert space). Show all steps of your calculations. (b) Run a Qiskit code which implements the circuit and append threemeasurement gates to measure the (partial) output state |q2q1q0> (which is a 3-qubit vector in 8-dimensional Hilbert space). this is for quantum soft dev class, you can use stuff like Deutsch Jozsa if u wantarrow_forwardWrite a C++ program that will count from 1 to 10 by 1. The default output should be 1, 2, 3, 4, 5, 6 , 7, 8, 9, 10 There should be only a newline after the last number. Each number except the last should be followed by a comma and a space. To make your program more functional, you should parse command line arguments and change behavior based on their values. Argument Parameter Action -f, --first yes, an integer Change place you start counting -l, --last yes, an integer Change place you end counting -s, --skip optional, an integer, 1 if not specified Change the amount you add to the counter each iteration -h, --help none Print a help message including these instructions. -j, --joke none Tell a number based joke. So, if your program is called counter counter -f 10 --last 4 --skip 2 should produce 10, 8, 6, 4 Please use the last supplied argument. If your code is called counter, counter -f 4 -f 5 -f 6 should count from 6. You should count from first to last inclusively.…arrow_forward
- Write a program that will count from 1 to 10 by 1. The default output should be 1, 2, 3, 4, 5, 6 , 7, 8, 9, 10 There should be only a newline after the last number. Each number except the last should be followed by a comma and a space. To make your program more functional, you should parse command line arguments and change behavior based on their values. Argument Parameter Action -f, --first yes, an integer Change place you start counting -l, --last yes, an integer Change place you end counting -s, --skip optional, an integer, 1 if not specified Change the amount you add to the counter each iteration -h, --help none Print a help message including these instructions. -j, --joke none Tell a number based joke. So, if your program is called counter counter -f 10 --last 4 --skip 2 should produce 10, 8, 6, 4 Please use the last supplied argument. If your code is called counter, counter -f 4 -f 5 -f 6 should count from 6. You should count from first to last inclusively. You…arrow_forwardWas What is the deference betwem full At Adber and Hold?arrow_forwardI need help making this EER diagram in Chen Notation.arrow_forward
arrow_back_ios
SEE MORE QUESTIONS
arrow_forward_ios
Recommended textbooks for you
C++ for Engineers and ScientistsComputer ScienceISBN:9781133187844Author:Bronson, Gary J.Publisher:Course Technology Ptr
Systems ArchitectureComputer ScienceISBN:9781305080195Author:Stephen D. BurdPublisher:Cengage Learning
C++ Programming: From Problem Analysis to Program...Computer ScienceISBN:9781337102087Author:D. S. MalikPublisher:Cengage Learning
Microsoft Visual C#Computer ScienceISBN:9781337102100Author:Joyce, Farrell.Publisher:Cengage Learning,
A+ Guide to Hardware (Standalone Book) (MindTap C...Computer ScienceISBN:9781305266452Author:Jean AndrewsPublisher:Cengage Learning
EBK JAVA PROGRAMMINGComputer ScienceISBN:9781337671385Author:FARRELLPublisher:CENGAGE LEARNING - CONSIGNMENT
C++ for Engineers and Scientists
Computer Science
ISBN:9781133187844
Author:Bronson, Gary J.
Publisher:Course Technology Ptr
Systems Architecture
Computer Science
ISBN:9781305080195
Author:Stephen D. Burd
Publisher:Cengage Learning
C++ Programming: From Problem Analysis to Program...
Computer Science
ISBN:9781337102087
Author:D. S. Malik
Publisher:Cengage Learning
Microsoft Visual C#
Computer Science
ISBN:9781337102100
Author:Joyce, Farrell.
Publisher:Cengage Learning,
A+ Guide to Hardware (Standalone Book) (MindTap C...
Computer Science
ISBN:9781305266452
Author:Jean Andrews
Publisher:Cengage Learning
EBK JAVA PROGRAMMING
Computer Science
ISBN:9781337671385
Author:FARRELL
Publisher:CENGAGE LEARNING - CONSIGNMENT
Instruction Format (With reference to address); Author: ChiragBhalodia;https://www.youtube.com/watch?v=lNdy8HREvgo;License: Standard YouTube License, CC-BY