Security, C Pitfalls, Common Exam Questions & Formula References


Last updated 10:52 PM on 5/21/26

24 Terms

1

What is the classic gets() vulnerability in C?

  • gets(buf) reads unlimited input

  • char buf[10] with >9 chars overwrites adjacent memory

  • Safe alternative: fgets(buf, sizeof(buf), stdin)

2

What is the off-by-one vulnerability?

  • int arr[10]; valid indices are 0..9

  • arr[10] = 5 writes past the end of array

  • Silently corrupts adjacent memory

3

What is the malloc without free vulnerability?

  • int *p = malloc(n * sizeof(int));

  • No free called → heap grows until exhaustion

  • Memory leak that can crash system

4

Why are C vulnerabilities worse on a microcontroller than desktop?

  • Desktop OS catches buffer overflow with MMU → segfault

  • MCU has no MMU, no segfault

  • Overflow silently corrupts another variable, return address, or peripheral register

5

What is the bad pattern for non-atomic read of ISR-shared variable?

  • BAD: uint16_t val = shared16; (ISR can fire between two 8-bit reads on 8-bit AVR)

  • GOOD: cli(); uint16_t val = shared16; sei();

  • Wrap access in critical section

6

What is the bad pattern for missing volatile on MMIO register?

  • BAD: uint8_t *PORT = (uint8_t *)0x25; while (*PORT); (compiler may cache → infinite loop)

  • GOOD: volatile uint8_t *PORT = (volatile uint8_t *)0x25;

  • volatile forces re-read from memory every time

7

What is the bad pattern for feeding watchdog inside ISR?

  • BAD: ISR(TIMER0_vect) { wdt_reset(); }

  • Masks application-level failures (system stays broken indefinitely)

  • GOOD: feed in lowest-priority task

8

What is the bad pattern for reading uninitialised local?

  • int main(void) { int x; if (x > 0) { … } }

  • Reading uninitialised local is undefined behaviour

  • Stack contains garbage values

9

Why is calling printf from an ISR bad?

  • printf is non-reentrant (internal buffers)

  • May deadlock or corrupt memory

  • Never call printf from ISR

10

What are the steps to answer "Is this task set schedulable under RMS?"

  1. Compute each Ci/Ti

  2. Sum to U

  3. Compute bound n(2^(1/n)-1)

  4. Compare and state conclusion

  5. If U between bound and 1, check if harmonic (that often saves it)

11

What are the steps to answer "Trace this file access in FAT"?

  1. Read directory entry → first cluster number

  2. Look up FAT[first_cluster] → next cluster

  3. Repeat until end-of-chain value (0xFFF8-0xFFFF)

  4. List every cluster visited

  5. Total allocated = clusters × cluster_size

  6. Internal fragmentation = cluster_size − (file_size mod cluster_size)

12

What are the steps to answer "What happens when a file is deleted?"

  • First byte of directory entry → 0xE5

  • Every cluster in chain → 0x0000 in FAT

  • Data not touched

  • Recovery possible until clusters overwritten; first character of filename gone forever

13

How to answer "Why use volatile?"

  • Hardware MMIO registers and ISR-shared variables can change without compiler knowing

  • volatile forces compiler to read from memory every time (no caching)

  • Cost: loss of optimisation for that variable (by design)

14

How to answer "Describe sources of interrupt latency"?

  • Current instruction must complete

  • Critical sections (cli/sei) block all interrupts

  • State saving (PC, status register, registers) onto stack

  • Vector-table fetch and jump

15

How to answer "What is wrong with this ISR?"

  • Calls to printf or malloc

  • Long loops

  • Missing volatile on shared variables

  • Non-atomic multi-byte reads

  • Feeding watchdog inside ISR

16

How to answer "Compare RMS and EDF"?

  • Priorities: RMS Fixed, EDF Dynamic

  • Utilisation guarantee: RMS ~69.3%, EDF 100%

  • Overload behaviour: RMS lowest-priority misses first, EDF any task can miss

  • Certification: RMS Easier, EDF Harder

  • Implementation: RMS Simple priority queue, EDF More complex

17

What are five scenarios causing stack-heap clash?

  • Deep recursion

  • Large local arrays

  • malloc without free

  • Dynamic allocation inside ISR

  • Oversized .bss globals leaving little RAM for stack

18

How to answer "Why feed watchdog in lowest-priority task?"

  • If application hangs/deadlocks, lowest-priority task stops running

  • Watchdog stops being fed → system resets

  • Feeding from high-priority task or ISR masks failure (watchdog keeps getting fed even if application broken)

19

What is the FAT special value 0x0000?

  • Free cluster

  • Scan from index 2 for first 0x0000 to extend file

20

What is the FAT special value 0x0001?

  • Reserved

  • FAT[0] holds media-type information

  • FAT[1] is dirty/clean flag

21

What is the FAT special value range 0x0002-0xFFF6?

  • Next cluster in chain

  • Forms the cluster chain

  • Follow until end-of-chain value

22

What is the FAT special value 0xFFF7?

  • Bad cluster

  • Physically faulty

  • Do not use

23

What is the FAT special value range 0xFFF8-0xFFFF?

  • End of chain (EOF)

  • Marks last cluster of file

  • Example chain: 5 → 6 → 8 → 0xFFFF

24

What are the FAT special first filename byte values?

  • 0xE5: deleted file

  • 0x00: never-used entry / end of directory

  • 0x05: real first character is 0xE5 (Kanji escape)