简介 最近在看代码时,发现了两个之前没见过的数据类型:intptr_t,uintptr_t。...这两个数据类型是ISO C99定义的,具体代码在linux平台的/usr/include/stdint.h头文件中。...因此,就可以发现intptr_t和uintptr_t定义的巧妙之处: 在64位机器上,intptr_t为long int,uintptr_t为unsigned long int。...而在非64位机器上,intptr_t为int,uintptr_t为unsigned int。...这样就可以保证intptr_t和uintptr_t的长度与机器的指针长度一致,因此在进行整数与指针的相互转换时可以用intptr_t进行过渡。 下面写两个demo测试下。
stdio.h> int main() { int a = 1; int p = &a; printf("the result is %d\n",*((int*)p)); } 32位linux...test.c:4:14: error: invalid conversion from ‘int*’ to ‘int’ [-fpermissive] int p = &a; 直接抛出错误 64位linux...{ ax = *(char *)(intptr_t)*sp++ = ax; } else if(op == SI){ *(int *)(intptr_t...pc + 1 : (int *)(intptr_t)*pc; } else if(op == JNZ) { pc = ax ?...(int *)(intptr_t)*pc : pc + 1; } else if(op == CALL) { *--sp = (int)(intptr_t)(pc
void jackpot(){ fprintf(stderr, "Nice jump d00d\n"); exit(0); } int main(int argc, char * argv[]){ intptr_t...* stack_buffer_1[4] = {0}; intptr_t* stack_buffer_2[3] = {0}; fprintf(stderr, "定义了两个数组"); fprintf...p\n", (void*)stack_buffer_1); fprintf(stderr, "stack_buffer_2 在 %p\n", (void*)stack_buffer_2); intptr_t...sc = (intptr_t)jackpot; memcpy((p4+40), &sc, 8); } intptr_t *victim = malloc(100); 首先申请了一个在 fastbin...chunk 就放到了 unsorted bin 中,然后最终被 unsorted bin 分配到 small bin 中 参考: http://blog.topsec.com.cn/pwn的艺术浅谈(二):linux
cmpxchg(unsigned int exchange_value, volatile unsigned int* dest, unsigned int compare_value); static intptr_t...cmpxchg_ptr(intptr_t exchange_value, volatile intptr_t* dest, intptr_t compare_value); static void*...exchange_value mov eax, compare_value LOCK_IF_MP(mp) cmpxchg dword ptr [edx], ecx } } linux_x86
void(*entry)(intptr_t)表示的是参数类型为intptr_t,返回值为void的函数指针。...intptr_t 是和一个机器相关的整数类型,在64位机器上对应的是long,在32位机器上对应的是int。...比如在我的Linux和Mac上页大小都是4096,然后经过上述运算stacksize的值基本上都是和传入的stacksize_in相同!这是因为三种栈的大小已经是4096的整数倍了。...在我的Linux上计算之后的guardsize就是4096,等同于guardsize_in。这个毋庸置疑。...中 #if defined(BTHREAD_CONTEXT_PLATFORM_linux_x86_64) && defined(BTHREAD_CONTEXT_COMPILER_gcc) __asm (
intptr_t ObjectSynchronizer::FastHashCode (Thread * Self, oop obj) { if (UseBiasedLocking) { if...= _thread_blocked, "invariant") ; ObjectMonitor* monitor = NULL; markOop temp, test; intptr_t...get_next_hash(Thread * Self, oop obj) { intptr_t value = 0 ; if (hashCode == 0) { value = os...::random() ; } else if (hashCode == 1) { intptr_t addrBits = cast_from_oop(obj) >>...addrBits = cast_from_oop(obj) >> 3 ; value = addrBits ^ (addrBits >> 5) ^ GVars.stwRandom
来看一下 openjdk 源码里生成 hashCode 的核心方法: static inline intptr_t get_next_hash(Thread * Self, oop obj) { intptr_t...intptr_t addrBits = intptr_t(obj) >> 3 ; value = addrBits ^ (addrBits >> 5) ^ GVars.stwRandom ;...if (hashCode == 3) { value = ++GVars.hcSequence ; } else if (hashCode == 4) { value = intptr_t...intptr_t addrBits = intptr_t(obj) >> 3 ; value = addrBits ^ (addrBits >> 5) ^ GVars.stwRandom ; }...这个算法,真的是对象的内存地址了,直接获取对象的 intptr_t 类型指针 第 2 种算法 if (hashCode == 2) { value = 1 ; // for
1 概述 Linux下的程序大多充当服务器的角色,在这种情况下,随着负载量和功能的增加,服务器所使用内存必然也随之增加,然而32位系统固有的4GB虚拟地址空间限制,在如今已是非常突出的问题了;另一个需要改进的地方是日期...,在Linux中,日期是使用32位整数来表示的,该值所表示的是从1970年1月1日至今所经过的秒数,这在2038年就会失效,但是在64位系统中,日期是使用64位整数表示的,基本上不用担心其会失效。...而Linux 64位系统采用LP64数据模型,因此在long和pointer上,都有着和32位系统不同的长度。...指针类型的,如果做加减等运算处理,不能转换为int类型,而统一改为intptr_t类型,比如: intptr_t offset = (intptr_t)pCurr - (intptr_t)pBase; 3.2.4...pointer之间的加减法使用intptr_t来存储结果,不要在pointer和int之间相互转换。
#else #include "ae_select.c" #endif #endif #endif 从代码中可看到,有 epoll 就会使用 epoll(Linux...在 Linux 系统下可以分析 ae_epoll.c 文件。kqueue 的详细介绍:Kernel Queues and Events。...uint16_t flags; /* general flags */ uint32_t fflags; /* filter-specific flags */ intptr_t
ways to "diffuse" the middle address bits over the // generated hashCode values: // static inline intptr_t...get_next_hash(Thread * Self, oop obj) { intptr_t value = 0 ; if (hashCode == 0) { // This form...intptr_t addrBits = intptr_t(obj) >> 3 ; value = addrBits ^ (addrBits >> 5) ^ GVars.stwRandom ;...if (hashCode == 3) { value = ++GVars.hcSequence ; } else if (hashCode == 4) { value = intptr_t...= _thread_blocked, "invariant") ; ObjectMonitor* monitor = NULL; markOop temp, test; intptr_t
*"进行第一次搜索 intptr_t handle; _finddata_t findData; handle = _findfirst(dirNew, &findData); if (handle...2.上述代码在x64,x86平台上都测试通过,之所以出现x86平台运行正常,x64编译通过,运行出现异常,是因为_findfirst()返回类型为intptr_t而非long型,从“intptr_t”转换到“long”丢失了数据,所以创建句柄时需要:intptr_t handle;
\n", (char *)&stack_var); printf("接下来申请两个 chunk\n"); intptr_t *a = malloc(128); printf("...chunk a 在: %p\n", a); intptr_t *b = malloc(128); printf("chunk b 在: %p\n", b); printf("free...\n", b, a); printf("我们把 %p 的前 %lu 字节(也就是 fd/next 指针)改成 stack_var 的地址:%p", b, sizeof(intptr_t), &stack_var...); b[0] = (intptr_t)&stack_var; printf("现在 tcache 链表是这样的 [ %p -> %p ]....\n", &stack_var); intptr_t *c = malloc(128); printf("第二次 malloc: %p\n", c); printf("ojbk
* stack_buffer_1[4] = {0}; intptr_t* stack_buffer_2[3] = {0}; intptr_t *victim = malloc(100); intptr_t...= victim) 检查 stack_buffer_1[3] = (intptr_t*)stack_buffer_2;// 伪造的small_bin1的bk 指向 伪造的small_bin2...(p1); //----- VULNERABILITY ---- intptr_t *ptr_top = (intptr_t *) ((char *)p1 + real_size - sizeof...stack_buffer[4] = {0}; intptr_t* victim = malloc(0x100); intptr_t* p1 = malloc(0x100); free(victim...n", malloc(128)); intptr_t *b = malloc(128); return 0; } 伪造tcache bin之前的堆情况: ?
另一个可选的类型是新的 intptr_t 类型,它是一个足够大的可以容纳一个指针的整数。并不是所有的系统都提供这样一种类型(尽管当前所有的 Linux 和 BSD 实现都提供)。...uint_fast8_t; int_fast16_t; uint_fast16_t; int_fast32_t; uint_fast32_t; int_fast64_t; uint_fast64_t; intptr_t
isolate_(Isolate::FromHeap(heap)), heap_(heap), allocation_observer_(heap_, static_cast<intptr_t...class Observer : public AllocationObserver { public: Observer(Heap* heap, intptr_t step_size,...override { if (soon_object) { profiler_->SampleObject(soon_object, size); } } intptr_t...GetNextStepSize() override { return GetNextSampleInterval(rate_); } private: intptr_t GetNextSampleInterval...AllocationObserver* observer_; size_t prev_counter_; size_t next_counter_; }; */ intptr_t
count() = 0; virtual intptr_t childOffset(intptr_t index) = 0; virtual const FieldType childMetadata...virtual intptr_t recursiveCount() { return count(); } virtual intptr_t recursiveChildOffset(intptr_t...index) { return childOffset(index); } virtual const FieldType recursiveChildMetadata(intptr_t...childOffset(intptr_t i) { auto *Struct = static_cast(type); if (i <...auto extendOffset = (uintptr_t)(intptr_t)offset; return base + extendOffset; } 最后返回的时候我们可以看到base +
volatile jlong _previous_owner_tid; // thread id of the previous owner of the monitor volatile intptr_t...(_owner)|intptr_t(_cxq)|intptr_t(_EntryList); } const char* is_busy_to_string(stringStream* ss);...intptr_t is_entered(Thread* current) const; void* owner() const; void set_owner(void...* owner); jint waiters() const; jint contentions() const; intptr_t recursions() const...complete_exit(TRAPS); void reenter(intptr_t recursions, TRAPS); private: void AddWaiter
THREAD_sleep(int seconds) { #ifdef windows Sleep(1000L * seconds); #else sleep(seconds); #endif } linux...的sleep函数参考 sleep: https://man7.org/linux/man-pages/man3/sleep.3.html wait(), notify(), notifyAll() 这些属于基本的...return; } TEVENT(Wait); assert(Self->_Stalled == 0, "invariant"); Self->_Stalled = intptr_t...SpinRelease(&_WaitSetLock); if ((SyncFlags & 4) == 0) { _Responsible = NULL; } intptr_t
= n - 1; i >= 0; i--){ //第一个参数为工作进程的处理周期 spawn_process(worker_process_cycle,(void *)(intptr_t..."sched_setaffinity() failed\n"); } } void worker_process_cycle(void *data){ int worker = (intptr_t