惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

阮一峰的网络日志
阮一峰的网络日志
Malwarebytes
Malwarebytes
C
Cybersecurity and Infrastructure Security Agency CISA
The Register - Security
The Register - Security
AWS News Blog
AWS News Blog
V
Vulnerabilities – Threatpost
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Schneier on Security
F
Full Disclosure
T
Tenable Blog
I
Intezer
The Hacker News
The Hacker News
Spread Privacy
Spread Privacy
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Cyberwarzone
Cyberwarzone
F
Future of Privacy Forum
Latest news
Latest news
P
Palo Alto Networks Blog
李成银的技术随笔
U
Unit 42
人人都是产品经理
人人都是产品经理
T
ThreatConnect
P
Privacy & Cybersecurity Law Blog
Know Your Adversary
Know Your Adversary
Apple Machine Learning Research
Apple Machine Learning Research
The Cloudflare Blog
月光博客
月光博客
有赞技术团队
有赞技术团队
P
Privacy International News Feed
H
Help Net Security
K
Kaspersky official blog
Blog — PlanetScale
Blog — PlanetScale
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Recorded Future
Recorded Future
爱范儿
爱范儿
H
Hackread – Cybersecurity News, Data Breaches, AI and More
N
Netflix TechBlog - Medium
Last Week in AI
Last Week in AI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
C
Cisco Blogs
C
CXSECURITY Database RSS Feed - CXSecurity.com
G
GRAHAM CLULEY
大猫的无限游戏
大猫的无限游戏
T
The Blog of Author Tim Ferriss
T
Tor Project blog
T
True Tiger Recordings
T
Threatpost
Cisco Talos Blog
Cisco Talos Blog
S
Securelist
A
About on SuperTechFans

DEV Community

Business Logic Flaws: How Attackers Skip Steps in Your App to Get What They Should Never Have Why Vibe Coders Need Boilerplates to Save Time, Tokens, and Build More Secure SaaS Projects Idle Cloud Cost Is the New Egress Cost Quark's Outlines: Python Traceback Objects Building a High-Performance Local Chess Assistant Extension with WebAssembly Stockfish and Manifest V3 Breaking the Trade-off Between Self-Custody and Intelligent Automation on the Stellar Network I Open-Sourced a Practical Fullstack Interview Preparation Repository (React + Node + System Design) 🚀 How I Started Coding as a Student (Beginner-Friendly Guide) WordPress vs. Ghost: Why Automated Bot Attacks Are Making us think much I tested 4 AI agent-governance tools against an open spec - here's the matrix zkML Inference Proof: What the Receipt Proves, and What the Model Still Does Not I Scored 1000/1000 on AWS Certified AI Practitioner (AIF-C01) Here's Every Resource I Used Go - Struct and Interface Handling JSON Requests in Go Storing Kamal secrets in AWS Secrets Manager and deploying to a cheap Hetzner VPS How I Caught and Fixed an N+1 Query in My Django REST API I got tired of paying $10/month to remove image backgrounds – so I built it for free How to Start Coding as a Student: A Complete Beginner’s Guide 🚀 Storing Kamal secrets in AWS Secrets Manager and deploying to a cheap Hetzner VPS What Are Buffers? Build AI Agents with Hot Dev The Client Onboarding Checklist That Prevents 90% of Project Problems Scalable Treasure Hunts Are a Myth, But We Almost Made One Gemini 3.5 Flash Has a 1M Token Context Window. Here's What You Can Actually Build With It. I built a ultra-polished developer portfolio template using React & Tailwind v4 (with zero-JSX configuration) Gemini CLI Is Dead. Here's the Better Thing That Replaced It Post-quantum cryptography for embedded and IoT: secure boot, TLS and OTA Understanding Optimistic Preloading in Modern Applications Nobody Wants to Read Your Code (And You Don't Want to Read Theirs) A clothing pairing app E2B vs E4B vs 31B Dense: The Practical Guide to Choosing the Right Gemma 4 Model I built an AI app store screenshot generator because Figma made me cry — looking for brutal feedback Hello DEV Community — My Developer Journey Begins Adaptable apps on ChromeOS: a post-mortem The WordPress Paradox: Why It’s Here to Stay (and How to Stop Ruining It) I built a local voice AI that can change to 9 different personalities! UXRay: I Built an AI That Roasts Your UI Like a Senior Designer Would Wyrly DI: Type-safe Dependency Injection for Modern TypeScript The contract is the interface: agent-driven Steampipe Stave in one command Gemma 4's Hidden Superpower: Why Built-in Thinking Tokens Change Everything for Evaluation Tasks ⚡ WordPress Performance: The Real Truth They Don't Tell You A Mobile App Usually Needs an Admin System First Customer Portals Should Remove Repeated Admin Work Episode 4: The Time Loop (Layers & Caching) I Built ContextForge with Gemma 4: A Project Memory Generator for Developers and AI Coding Agents Why shadow DOM beat iframe for inline tooltips HOW TO CREATE USER AND ASSIGN ROLES IN AZURE WITH ENTRA ID When AI Blackmail Goes Viral Episode 3: The Secret Scroll (The Dockerfile) Monte Carlo Simulation for Engineers: Turning Uncertainty Into Numbers The tokens-per-byte trap: character-level 'compression' adds tokens Nobody Reads Your Code Anymore Why I built a collection of 5 free, zero-signup career finance tools for solo builders 🚀 New React Challenge: Instant UI with useOptimistic Resolvendo a Alucinação da IA na Arquitetura de Software com Code Property Graphs e .NET 9 S1 — Clean Backtrace Crashes: How to Diagnose and Fix Them Cómo solucionar el bucle infinito en useEffect con objetos y arrays The Brutal Reality of Running Gemma 4 Locally I made Claude Code refuse to write code unless the ticket scores 80/100 I Fed React's Entire Hooks Transition History to Gemma 4. Here's What It Found That We Missed. Building a Private RAG System: Lessons from a Local-First AI Journal CodePulse AI — Reviving an AI-Powered Repository Intelligence Platform How to Split Video into Segments with FFmpeg (CLI + API) I've audited dozens of estate agency websites. The same 5 problems show up every single time. Part 1: Taming Asynchronous JavaScript: How to Build a "Mailbox" Queue Building My AI-Powered VS Code Extension 🚀 Google Login in Express with PassportJS & JWT Great example of Gemma 4 moving beyond chatbots into real-world decision support. Using AI to guide everyday actions like recycling shows how impactful applied LLMs can be when designed for usability, not just capability. #Gemma4 #AI #Sustainability Building a Production AI Chatbot for an Educational Institute: Architecture, Lessons & Full Stack Deep-Dive Google Login in Express with PassportJS & JWT How I reclaimed 47GB on my MacBook by cleaning developer project junk Operators Are Not Oracles: How We Learned to Stop Worrying and Love the Configuration I Built 6 Free Developer Tools for AI APIs, Cron, Docker, and Self-Hosting How I Built a Real-Time Precious Metals Price Feed for 30,000 Concurrent Users in Laravel How to Use a SERP API to Validate Whether a Project Idea Is Worth Building Gemma 4 discussions often focus on capability, but real-world impact depends on deployment context. For offline education, especially in low-connectivity regions, latency, cost, and local inference matter as much as model strength. Local Mind Explores it Space Complexity + Ω and Θ Notations Google I/O 2026 Just Confirmed the Shift From AI Chatbots to AI Agents How to Add API Monitoring to an Express App in 5 Minutes (2026) Designing an In-Game Inflation Tracking Algorithm for Web Utility Apps Google AI Studio Just Changed the Shape of App Development If you struggle to learn then this is for you. Best AI Agent Security & Guardrails Tools in 2026: LLM Guard vs NeMo vs Guardrails AI Building Dynamic RBAC in React 19: From Permission Strings to Component-Level Access Control How to Build a Self-Hosted AI Code Review Tool in Python Why We Switched from React to HTMX in Production: A 200-Site Case Study Gemma-Loom: The Intent-Based Virtual Machine (IVM) for Edge Sovereignty Java实习海投攻略:3天300个沟通,我是怎么拿到面试的 I Deployed Netflix's Web Server in 30 Seconds (And So Can You) - Docker Project 1 Debugging Android 14 WebRTC Disconnects on a coturn Relay Path 1/30 Days System Design Question Testing FastAPI + SQLAlchemy with Real PostgreSQL Fixtures: No More Mocking Misery FAQ Schema Markup Generators: What They Actually Do (and What They Don't Tell You) How a pure-TypeScript flex layout engine closed the last WASM-Yoga gap Spot instances as GitHub Actions runners Agents Need Receipts, Not Just Better Prompts readmegen — Generate beautiful README.md in seconds (12 templates, open source) When AI Reads Blueprints: The Hidden Attack Surface of Multimodal Engineering Intelligence Simplicity scales — complexity kills side projects AI does exactly what you ask — that's the problem
Ghost in the Stack (Part 1): Why uninitialized variables remember old data
Chisom · 2026-05-23 · via DEV Community

Chisom

Have you ever written a C program, run it, and watched it print values you never assigned?
At first glance, it feels almost as if old data is haunting your program from beyond a function call, but what is happening under the hood is far more interesting:

  • stack frame reuse

  • compiler behaviour

  • memory persistence

  • and the performance tradeoffs built into modern systems

In this series, we'll go from high-level C code into stack frames, assembly instructions, and eventually real-world security implications.
Today, in Part 1, we investigate one of the most common low-level surprises in C: uninitialized local variables appearing to "remember" old values.
Consider the following program:

#include <stdio.h>
void Subtraction()
{
    int a = 100;
    int b = 35;
    int c = a - b;
}
void PrintValues()
{
    int i, j, k;
    printf("First value is %d\nSecond value is %d\nThird value is %d\nThese are the values for PrintValues function\n", i, j, k);
}
int main()
{
    Subtraction();
    PrintValues();
    return 0;
}

Enter fullscreen mode Exit fullscreen mode

If we compile without optimization: gcc -O0 main.c, we may observe output similar to this:

First value is 100
Second value is 35
Third value is 65
These are the values for PrintValues function

Enter fullscreen mode Exit fullscreen mode

At first glance, this looks impossible. PrintValues never initializes its variables. So why does it print the exact same values previously used by Subtraction()? Important Warning: This is undefined behaviour
Before going deeper, we need to clarify something important.
Reading uninitialized local variables in C is undefined behaviour.
That means:

  • the C standard does not guarantee what happens

  • different compilers might behave differently

  • optimization levels may change the result

  • future executions may produce different outputs
    The behaviour shown above is simply one possible outcome observed under a particular compiler configuration.

The Dirty Whiteboard Analogy

To understand what's happening, forget the code for a moment. Imagine RAM as a whiteboard in a shared classroom. First teacher (Subtraction()). A math teacher walks into the room and writes: 100, 35, 65 on the whiteboard. After class ends, she leaves without erasing anything, because erasing takes time. For a brief moment, the room is empty. The writing is still visible. Nothing has overwritten it yet. Second teacher (PrintValues()). A history teacher enters the room immediately afterward. Instead of writing anything new, he simply reads whatever is already on the board. At a high level, this resembles what happens with stack memory. When a function returns, typical compiled code does not automatically erase the stack bytes previously used for local variables. Instead:

  • the stack space becomes available for reuse

  • old data often remains there temporarily

  • another function may reuse the same stack offsets
    If the new function reads memory before writing new values, it may accidentally observe leftover bytes from an earlier stack frame.

INSPECT THE ASSEMBLY FOR SUBTRACTION()

Let's inspect the assembly generated for Subtraction(). Below is the disassembly produced by GDB on x86-64:

push %rbp
mov %rsp,%rbp
sub $0x30,%rsp
movl $0x64,-0x4(%rbp)
movl $0x23,-0x8(%rbp)
mov -0x4(%rbp),%eax
sub -0x8(%rb),%eax
mov %eax,-0xc(%rbp)
mov -0xc(%rbp),%ecx
mov -0x8(%rbp),%edx
mov -0x4(%rbp),%eax
add $0x30,%rsp
pop %rbp
ret

Enter fullscreen mode Exit fullscreen mode

push %rbp - Save the base pointer onto the stack
mov %rsp,%rbp - Set the stack pointer as the base pointer.
sub $0x30,%rsp - Allocate 48 bytes of space on the stack
movl $0x64,-0x4(%rbp) - Store 100 into the first 4 bytes on the stack
movl $0x23,-0x8(%rbp) - Store 35 into the second slot
mov -0x4(%rbp),%eax - Load 100 into the eax register
sub -0x8(%rbp),%eax - Subtract 35 from eax, the result remains in eax
mov %eax,-0xc(%rbp) - Move the result from the register to memory
mov -0xc(%rbp),%ecx - Move to register
mov -0x8(%rbp),%edx - Move to register
mov -0x4(%rbp),%eax - Move to register
add $0x30,%rsp - Clean up allocated stack space
pop %rbp - Restore the previous stack frame
ret - Return control to the caller
After the function returns, the stack frame is released. The stack pointer simply moves back, making that region available for reuse. The previous values often remain there temporarily until another operation overwrites them. Typically compiled code does not automatically clear old stack contents because doing so would introduce additional instructions and reduce performance.

ENTER PrintValues()

Now let us examine the beginning assembly code generated for PrintValues()

push %rbp
mov %rsp,%rbp
sub $0x30,%rsp
mov -0xc(%rbp),%eax
mov -0x4(%rbp),%edx
mov -0x8(%rbp),%ecx

Enter fullscreen mode Exit fullscreen mode

Notice something very important. PrintValues() allocates a very similar stack layout. So this instruction:
mov -0x4(%rbp),%eax means read whatever bytes that exists here. If those bytes still contain leftover data from Subtraction(), then PrintValues() may appear to "remember" the earlier values.
This teaches something deeper than uninitialized variables are dangerous. It reveals an important systems principle: memory is reused, not automatically cleaned.

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。