Patrick Reany
29 May 2024
Patrick:
C code has a bad reputation for poor memory management, allowing for exploits against it. Is there a subset of C programming code that is memory management safe?
Copilot:
Certainly! While C is known for its flexibility and performance, it does come with some memory management challenges. However, there are ways to achieve better memory safety in C code. Here are some approaches:
1. NULL Out Pointers When Freeing Memory: Always set pointers to 'NULL' after freeing memory to avoid Use-After-Free bugs and double-free issues [1].
2. Perform Bounds Checks: Ensure that you check array bounds to prevent Out-Of-Bounds (OOB) read and write vulnerabilities.
3. Avoid Recursion (or Use It Carefully): Recursion can lead to Stack Exhaustion and Heap Exhaustion vulnerabilities. Use it judiciously and understand your limits.
4. Check Pointers for NULL: If a pointer could be 'NULL' at any time, verify it before using it to prevent NULL Pointer Dereference vulnerabilities.
5. Use Multi-Thread Hardening Mechanisms: Prevent race conditions that can lead to memory safety bugs.
6. Initialize Pointers and Variables: Always initialize pointers and variables, especially if they'll be used without prior value assignment.
7. Ensure Proper NULL Termination for Strings: Avoid memory leaks and other issues by ensuring strings are correctly NULL-terminated.
8. Be Careful with Copying Functions: When using loops or copying data, ensure that you don't go beyond the bounds of subsequent buffers or variables (avoid off-by-one vulnerabilities).
Remember that achieving memory safety in C involves a combination of good practices, awareness, and thorough testing. While it's impossible to eliminate all risks, following these guidelines can significantly improve memory safety in your C code [1]. Additionally, consider using a safer subset of C, which restricts or bans unsafe language features to reduce the likelihood of programming errors [2,3].
Source: Conversation with Copilot, 5/29/2024
(1) How to achieve memory safety while writing C code? https://stackoverflow.com/questions/66081442/how-to-achieve-memory-safety-while-writing-c-code
(2) Keeping safe at C: How to neutralize some of the inherent dangers ... - IAR. https://www.iar.com/knowledge/learn/functional-safety/keeping-safe-at-c/
(3) How Close Is Existing C/C++ Code to a Safe Subset? https://www.mdpi.com/2624-800X/4/1/1