Thursday, 27 November 2014

I've been slacking.

The malloc stuff is tough.  So much to read!
The Skiena book exercises are pesky.  So much to solve!
I'm stuck on a couple of Euler Project problems.  I could pick another one (and I do) but... yeah.

My compiler doesn't love me any more.  :(

Apart from all that, I need to pack up an entire house for (finally) moving country.  I will never shop for anything again, I swear, I'm cured!

But still...

Monday, 17 November 2014

Just another evening on IRC

I hang out on ##c on to learn some stuff (and for some entertainment).

Apart from talking about C, it's quite the dadaist scene:

[00:29] <pentester_> in C what's the different between char a="hello" and unsigned a="hello"?
[00:29] <pentester_> unsigned char a="hello"
[00:29] <marchelzo_> one is invalid and the other is invalid
[00:29] <pentester_> bad typo
[00:29] <pentester_> a[]
[00:30] <pentester_> char a[]="hello and unsigned char a[]="hello"
[00:30] <pentester_> ^ missing " xD
[00:30] <marchelzo_> one is an array of chars and the other is an array of unsigned chars
[00:30] <pentester_> what's the purpose of the unsigned char?
[00:30] <pentester_> i mean why someone would use it ?
[00:30] * zid` thinks pentester_ tests pens for a living
[00:31] <gyaretto> pentester_: I'm using it now.
[00:31] <gyaretto> Because I need to make use of all 8 bits.
[00:31] <marchelzo_> ungined char can store larger integers than char
[00:31] <marchelzo_> unsigned*
[00:31] <zid`> and it's unsined..
[00:31] <zid`> meaning you can perform mathematical operations on it
[00:31] <zid`> that would otherwise be UB
[00:31] <Chris> Why do you ever use any unsigned types? Because you don't care about negatives.
[00:32] <gyaretto> zid`: Didn't know that. TIL.
[00:32] <pentester_> so i can use integer which is more or equal to 0x80?
[00:32] <Chris> So you use unsigned char just to deal with bytes from 0 to 255 (or greater)
[00:32] <Chris> Yes, unsigned char ranges from at least 0 to 0xFF
[00:32] <marchelzo_> what can you do with unsigned that is UB with signed?
[00:32] <zid`> shifting
[00:32] <Chris> go past the highest value.
[00:32] <zid`> in some situations
[00:32] <zid`> overflow
[00:32] <zid`> lots of stuff
[00:32] *** ChanServ gives channel operator privileges to candide.
[00:32] *** candide sets a ban on *!zid@
[00:32] <Chris> unsigned char x = UCHAR_MAX; x++; // defined to be 0
[00:33] <pentester_> what is UB?
[00:33] <Chris> signed char y = SCHAR_MAX; x++; // undefined behavior
[00:33] <Chris> pentester_: undefined behavior.
[00:33] <Chris> er.. y++ for the second example, obviously.
[00:33] <pentester_> zid`: r u hacker?
[00:33] *** candide removes the ban on *!zid@
[00:34] <zid`> pentester_: Can you recommend me a pen?
[00:34] <pentester_> zid`: no time to sell pen
[00:34] <pentester_> i can penetrate if that what you want
[00:35] <Chris> zid`:
[00:35] <m0shbear> zid`: the free ones they give out at career fairs
[00:35] <pentester_> Chris: what's the value of SCHAR_MAX
[00:35] <Chris> pentester_: implementation dependent.
[00:35] <pentester_> why its UB
[00:35] <vhlfd> Lol.
[00:35] <Chris> pentester_: why is what UB?
[00:35] <marchelzo_> ,grab pentester_ penetrate
[00:35] <m0shbear> because signed overflow is undefined
[00:35] <candide> Quote grabbed: 446: <pentester_> i can penetrate if that what you want
[00:36] <Chris> pentester_: overflowing a signed integer is undefined behavior.
[00:36] <gyaretto> Haha.
[00:36] <pentester_> will that a good thing  for hacker?
[00:36] <Chris> Don't know, don't care.
[00:36] <pentester_> i mean can an attacker benefit from UB
[00:36] <Chris> Ask ##scriptkiddies
[00:36] <marchelzo_> yes
[00:36] <zid`> Stick to testing pens
[00:37] <Chris> pentester_: buffer overflows are UB, surely you're familiar with them
[00:37] <vhlfd> I doubt he has any idea what he's doing, all things considered.
[00:37] <m0shbear> ^
[00:37] <pentester_> vhlfd: jelly?
[00:37] *** ChanServ takes channel operator privileges from candide.
[00:38] <pentester_> m0shbear: 0xF0ff
[00:38] <vhlfd> Wannabe hackers are excruciating.
[00:38] <Chris> Everyone has to learn at first.
[00:38] <zid`> He's learning upside down
[00:38] <Chris> But the side effects of UB are off-topic here.
[00:38] <zid`> He's going for things he's not intelligent enough to  understand first, rather than last
[00:38] <Chris> That's fairly typical.
[00:40] <pentester_> what's the meaning of signed overflow?
[00:40] <pentester_> i understand simple overflow
[00:40] <vhlfd> Read a book.
[00:40] <pentester_> vhlfd: wut book
[00:40] <vhlfd> ,k&r pentester_
[00:40] <Chris> It just means overflow on signed integers.
[00:40] <candide> pentester_: k&r is The C Programming Language, 2nd edition, by Kernighan and Ritchie, - be sure to see the errata as well, at
[00:40] <pentester_> old book
[00:40] <m0shbear> >not reading the classics
[00:40] <gunthler>
[00:40] <candide> Title of gunthler's link: Twitch
[00:40] <vhlfd> Indeed. It could teach you a thing or two.
[00:41] <Chris> In C, when you do an arithmetic operation that takes a signed integer out of range, it's undefined behavior.
[00:41] <Chris> When you do the same on an unsigned integer, it is well defined.
[00:41] <Chris> The end.
[00:41] <pentester_> chris you mean if the maximum is -5 and i add one and it become -6 it will result in UB
[00:41] <Chris> I don't know how the hell you add 1 to -5 to get -6
[00:41] * vhlfd wanders off.
[00:41] <pentester_> add one by using add 0xff
[00:42] <pentester_> ^ -1
[00:42] * Chris facepalms.
[00:42] <m0shbear> use of twos-complement == nonportable
[00:42] <Chris> Don't try to be clever, pentester_. Adding 255 is not the same as subtracting 1
[00:42] <pentester_> i think i'm doing it right?
[00:43] <Chris> (except in certain contexts, which we're not talking about now and that's unsigned char where CHAR_BIT is 8)
[00:43] <Chris> No, you're not.
[00:43] <Chris> Adding 255 is not the same as subtracting 1. Make up your mind what you're talking about.
[00:43] <m0shbear> >assuming a certain representation of negative values
[00:43] <Chris> Given signed char x = -5; then x += 255; is undefined behavior. (assuming SCHAR_MAX == 127)
[00:43] <m0shbear> >assuming a certain number of bits
[00:43] <pentester_> Chris: now we talking
[00:44] <pentester_> i'm waiting for the example for overflowing signed integer
[00:44] <Chris> pentester_: anything which results in an out of range result.
[00:44] <pentester_> thanks
[00:44] <pentester_> unsigned will never overflow right?
[00:44] <Chris> Now, given unsigned char y = 5; then y += 255; is _guaranteed_ to set y to 4 (for CHAR_BIT == 8)
[00:44] <Chris> Correct.
[00:45] <pentester_> unsigned wrap around signed are not?
[00:45] <Chris> Yes...
[00:45] <pentester_> clear ;)
[00:46] <pentester_> ,thanks Chris
[00:46] <candide> /say, pentester_
[00:51] <batchm> pentester please note that you are being told what the C standard says from anal pedants, and not what actually happens on platforms you are likely to use now, and in your life time. I am sure there is some obscure platform where signed numerical types don't wrap around, but I am also sure you aren't using any of them
[00:52] <vhlfd> Another insane person.
[00:53] <Chris> pentester_: batchm's well meaning (toward you, not me) but ignorant comment neglects the fact that compilers are allowed to assume undefined behavior doesn't happen and can and will optimize out such things in many instances, thus causing shit to fail if you assume such a wrap. This is why gcc supports and needs the -fwrapv compiler flag, for example.
[00:54] <batchm> more anal pedantry.. please ignore it
[00:54] <Chris> (I just gave a practical example, and it's still called pedantry, hilarious)
[00:54] <batchm> unless you want to become a language lawyer, rather than actually get things done
[00:55] <lemonade`> hey guys, anything new lately?
[00:55] <m0shbear> >getting things done by assuming implementation-dependent things that are technically UB
[00:55] <m0shbear> how fun
[00:56] <vhlfd> Is moshbear the channel mule?
[00:56] <vhlfd> batchm, I don't think you know many language lawyers.
[00:57] <vhlfd> I think people in general would be happy if IDB GNU C were the topic of this channel.
[00:58] <vhlfd> Meh.
[00:58] <m0shbear> vhlfd: eh?
[01:01] <milesrout> pentester_, signed overflow isn't 'left up to the compiler' or 'left up to the target platform' or anything like that. The standard says 'signed overflow is undefined behaviour'. That means that your compiler is allowed to assume it never ever happens.
[01:02] <milesrout> e.g. if you do for (int i = 0; i < -1; i++);, you might expect that the compiler will go from 0 up to INT_MAX then wrap around and go up to -1 from INT_MIN.
[01:03] <milesrout> that *might* happen. but the compiler is allowed to say "signed overflow is undefined, so the programmer doesn't intend it to happen. 0 is greater than -1, and you only increment i in the loop, so i only increases. therefore this is an infinite loop"
[01:03] <milesrout> and emit the equivalent of for (int i = 0; true; i++)
[01:06] <naptime> milesrout: You meant i > -1 , right?
[01:06] <naptime> in the loop?
[01:06] <milesrout> naptime, uhh... yes!
[01:06] <milesrout> yes I did.
[01:06] <naptime> Okay, that makes more sense then [=
[01:07] <milesrout> of course, the compiler is also allowed to say 'when int overflows, wipe the hard drive'
[01:07] <naptime> I would hate to develop for that implementation!
[01:08] <milesrout> if you pass -fwrapv to the compiler, it'll wrap on signed overflow and everything should be dandy. if you pass -ftrapv to the compiler, it'll *trap* on signed overflow, i.e. your program will abort when it tries to increment INT_MAX.
[01:08] <naptime> And -fwipev clears the hard disk?
[01:08] <milesrout> those aren't portable, though. -ftrapv is very useful for debugging if you think you have signed overflow somewhere and the compiler is fucking with you because of it.
[01:09] <milesrout> hahah
[01:09] <eb0t> join #ubuntu
[01:09] <vhlfd> Nearly there.
[01:10] <milesrout> I'm a little disappointed if I wrote that all out and pentester_ had already left :/
[01:11] <vhlfd> milesrout, you can messenger your loop to him I'm sure.
[01:12] <naptime> milesrout: Well I got here just before you wrote it all out so I saw it even if this pentester_ user didn't >^,^<  And I thought it was very helpful!
[01:12] <milesrout> naptime, good!
[01:12] <vhlfd> >^,^<
[01:13] <PoppaVic> always assume a compiler.. and behavior. Very Good.
[01:28] <fizzie> ,cc -std=c11 -O2  void f(int i) { static int c = 0; if (c++ > 10) exit(0); printf("%d ", i); }  for (int i = INT_MAX - 2; i > -1; i++) f(i);  /* look at that optimizer go! */
[01:28] <candide> fizzie: 2147483645 2147483646 2147483647 2147483645 2147483646 2147483647 2147483645 2147483646 2147483647 2147483645 2147483646  Program received signal SIGSEGV, Segmentation fault in ?? () called by exit () called by f (i=<optimized out>) at statement: if (c++ > 10) exit(0); called by main () at statement: for (int i = INT_MAX - 2; i > -1; i++) f(i); <local variables: c = 12; i = 2147483647>

Srsly, who needs comic shows on TV when stuff like that is available? :-D