Safe Programming

with Rust
Stack and Heap

Afonso Miguel
Stack e Heap
Stack
Stack
Stack
Stack

main: x=5
Stack
Stack

minha_função: z=20

main: x=5
Stack
Stack

minha_funcao: y=10

minha_função: z=20

main: x=5
Stack
Stack

main: x=5
Stack
Stack

main: x=5
Stack
Stack
Stack
Information with xed size:

1. Primitive data types: integers, oats, booleans,

characters.
2. References and pointers (with xed size).
3. Structures and enumerations with xed size.

fi
Stack & Heap
Stack
Stack & Heap
Stack

main: x=5
Stack & Heap
Stack

minha_funcao: z=20

main: x=5
Stack & Heap
Stack

minha_funcao: y=10

minha_funcao: z=20

main: x=5
 Stack & Heap
Stack

minha_funcao2: w=30

minha_funcao: y=10

minha_funcao: z=20

main: x=5
 Stack & Heap
Stack

minha_funcao2:
m=0x40
minha_funcao2: w=30

minha_funcao: y=10

minha_funcao: z=20

main: x=5
Stack & Heap
Stack

minha_funcao: y=10

minha_funcao: z=20

main: x=5
Stack & Heap
Stack

minha_funcao: y=10

minha_funcao: z=20

main: x=5
Stack & Heap
Stack

main: x=5
Stack & Heap
Stack

main: x=5
Stack & Heap
Stack
Heap
Information with variable size:

1. Dynamic strings.
2. Dynamic arrays.
3. Other structures/enumerations with variable or
unknown size at compile time.
Memory Management
Garbage Collector (Python, Java, etc…)
• E ective, but not very e cient.
Manual memory management (C, C++, …)
• E cient, but prone to errors:
a. Bu er over ow;
b. Memory dangling;
c. Memory leak;
d. Data running…
ff
ffi
ff
fl
ffi
 Memory Management
# Problem De nition

1 Bu er Over ow Occurs when more data is written to a bu er than it can hold, leading to memory
corruption and security risks.

2 Use After Free Happens when a program uses a pointer after the memory it points to has been
freed, causing unde ned behavior.

3 Double Free Arises when the same block of memory is freed more than once, leading to
memory corruption and crashes.

4 Dangling Pointer A pointer that references memory that has already been freed or is no longer
valid, resulting in unde ned behavior.

5 Uninitialized Memory Occurs when a program accesses memory that hasn't been initialized, leading to
Access unpredictable results.

6 Invalid Memory Access Happens when a program reads from or writes to memory it shouldn't access,
often causing crashes.
ff
fi
fl
fi
fi
ff
 Memory Management
# Problem De nition

7 Memory Leak Occurs when allocated memory is not freed, leading to increased memory usage
over time.

8 Heap Over ow Similar to a bu er over ow, but occurs in the heap, potentially leading to
memory corruption and crashes.

9 Pointer Arithmetic Errors Result from incorrect calculations on pointers, leading to invalid memory access.

10 O -by-One Error A loop or index error that causes access just outside the intended memory
range, leading to bugs or crashes.

11 Stack Over ow Occurs when the stack exceeds its limits, typically due to deep or in nite
recursion, causing a crash.

12 Misaligned Memory Happens when data is accessed at an address that isn't properly aligned,
Access leading to performance issues or crashes.
ff
fi
fl
fl
ff
fl
 Memory Management
# Problem Di culty in C Handling in Rust Notable Incident

1 Bu er Over ow ❌ High: Requires manual boundary ✅ Resolves: Avoided by default with boundary Morris Worm (1988)
(A) checks. checks in arrays and slices; triggers a runtime
panic if it occurs.

2 Use After Free ❌ High: Hard to detect, requires careful ✅ Resolves: Avoided through ownership; the Linux Kernel
(B) manual memory management. compiler ensures memory isn’t used after being Vulnerability (2016)
freed.

3 Double Free ❌ High: Can cause severe crashes, ✅ Resolves: Avoided as memory is CVE-2014-0196 (Linux
hard to avoid in complex code. automatically freed only once when it goes out Kernel)
of scope.

4 Dangling Pointer ❌ High: Common in C, requires manual ✅ Resolves: Avoided as the compiler prevents Apple Safari (2013)
checks to avoid use after free. pointers from referencing invalid memory.
ffi
ff
fl
 Memory Management
# Problem Di culty in C Handling in Rust Notable Incident

5 Uninitialized Memory ❌ High: Uninitialized variables can ✅ Resolves: Avoided as Rust requires all OpenSSL
Access cause unpredictable behavior. variables to be initialized before use. Vulnerability (2012)
(C)

6 Invalid Memory Access ❌ High: Null or invalid pointers cause ✅ Resolves: Avoided by using safe Heartbleed (2014)
hard-to-debug errors. references and types like `Option` for
potentially null values.

7 Memory Leak ❌ Moderate: Requires manual ✅ Mitigates: Largely avoided with NASA Software
(F) memory freeing, easy to forget in large ownership and RAII; can still occur with (1999)
codebases. reference cycles.

8 Heap Over ow ❌ High: Similar to bu er over ow, but ✅ Mitigates: Avoided with automatic Adobe Flash Player
harder to detect in the heap. boundary checks; safe heap allocations. (2016)
ffi
fl
ff
fl
 Memory Management
# Problem Di culty in C Handling in Rust Notable Incident

9 Pointer Arithmetic ❌ High: Pointer arithmetic errors can ✅ Mitigates: Largely avoided as Rust doesn’t Sendmail Debugger
Errors be devastating and hard to debug. allow pointer arithmetic like C; safe slice and (1988)
(D) reference handling.

10 O -by-One Error ❌ Moderate: Common in loops and ✅ Mitigates: Not automatically resolved; still Worm Slapper (2002)
(E) array handling, hard to avoid. depends on the programmer to avoid, but
boundary checks help mitigate.

11 Stack Over ow ❌ High: Can occur with deep ⚠ Doesn’t resolve: Not automatically resolved; Blaster Worm (2003)
recursion, hard to prevent in can occur in Rust as it does in C.
languages like C.

12 Misaligned Memory Moderate: Architecture-dependent ❌ Doesn’t resolve: Rust automatically aligns Intel's Pentium Bug
Access problem, hard to detect without tools. data; problems can still occur with `#[repr(C, (1994)
packed)]` and other manual optimizations.
ff
ffi
fl
Falcon Sensor / CrowdStrike
July/2024
• In July 2024, an update to
CrowdStrike’s Falcon Sensor
software caused widespread
Windows system crashes,
leading to the notorious Blue
Screen of Death (BSOD).

• The root cause was an out-of-

bounds memory read due to a
logic error in the update,
resulting in invalid page faults
and system crashes.
Falcon Sensor / CrowdStrike
How Rust Could Have Prevented the Issue
• Prevents Invalid Memory Access
• Rust automatically checks array and slice boundaries at runtime, preventing out-of-bounds access.
• Eliminates Use After Free and Double Free
• Rust’s Ownership & Borrow Checker system prevents dangling pointers and ensures memory is
managed safely.

• Prevents Uninitialized Memory Access

• Rust enforces that all variables must be initialized before use, eliminating uninitialized memory errors.
• 🎯 Conclusion
• Had Rust been used in the development of the Falcon Sensor, the out-of-bounds memory access
that caused the global crashes could have been prevented, thanks to Rust’s stringent memory safety
features.