# Guard byte

> Mediated Wiki article. Canonical URL: https://mediated.wiki/source/Guard_byte
> Markdown URL: https://mediated.wiki/source/Guard_byte.md
> Source: https://en.wikipedia.org/wiki/Guard_byte
> Source revision: 1246573814
> License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/)

{{onesource|date=December 2009}}

A '''guard byte''' is a part of a [computer program](/source/computer_program)'s [memory](/source/computer_memory) that helps software developers find [buffer overflow](/source/buffer_overflow)s while developing the program.<ref>{{Cite web |title=Security Technologies: Stack Smashing Protection (StackGuard) |url=https://www.redhat.com/en/blog/security-technologies-stack-smashing-protection-stackguard |access-date=2024-09-19 |website=www.redhat.com |language=en}}</ref>

==Principle==
When a [program](/source/computer_program) is [compiled](/source/compiler) for [debugging](/source/debugging), all [memory](/source/Memory_(computers)) allocations are prefixed and postfixed by guard bytes. Special memory allocation [routines](/source/subroutine) may then perform additional tasks to determine unwanted read and write attempts outside the allocated memory. These extra bytes help to detect that the program is writing into (or even reading from) inappropriate memory areas, potentially causing [buffer overflow](/source/buffer_overflow)s. In case of accessing these bytes by the program's algorithm, the programmer is warned with information assisting them to locate the problem.

Checking for the inappropriate access to the guard bytes may be done in two ways:
* by setting a ''memory [breakpoint](/source/breakpoint)'' on a condition of write and/or read to those bytes, or
* by pre-initializing the guard bytes with specific values and checking the values upon deallocation.

The first way is possible only with a [debugger](/source/debugger) that handles such breakpoints, but significantly increases the chance of locating the problem. The second way does not require any debuggers or special [environments](/source/Integrated_development_environment) and can be done even on other computers, but the programmer is alerted about the overflow only upon the deallocation, which is sometimes quite late.

Because guard bytes require additional code to be executed and additional memory to be allocated, they are used only when the program is compiled for debugging. When compiled as a ''release'', guard bytes are not used at all, neither the routines working with them.

==Example==
A programmer wants to allocate a [buffer](/source/Buffer_(computer_science)) of 100 bytes of memory while debugging. The system memory allocating [routine](/source/subroutine) will allocate 108 bytes instead, adding 4 leading and 4 trailing guard bytes, and [return](/source/Return_statement) a [pointer](/source/Data_pointer) shifted by the 4 leading guard bytes to the right, ''hiding'' them from the programmer. The programmer should then work with the received pointer without the knowledge of the presence of the guard bytes.

If the programmer's algorithm writes right outside the assigned space, it will overwrite the guard bytes. Later, upon deallocation, the deallocating routine will check, whether the guard bytes are modified and reports an error if appropriate.

==Problems==
Memory allocation routines fill guard bytes with values that are not supposed to be used by the programmer's algorithms. This is, however, not predictable. When the algorithm uses those values and overwrites the guard bytes with them (only the last write before deallocation is relevant), the overflow can not be detected, because the bytes have not actually changed. Instead, the memory breakpoint option can be used, set on a condition of access to those bytes in a debugger.

==See also==

* [Buffer overflow protection](/source/Buffer_overflow_protection)

==References==
{{reflist}}

{{DEFAULTSORT:Guard Byte}}
Category:Computer memory
Category:Programming idioms
Category:Debugging

---
Adapted from the Wikipedia article [Guard byte](https://en.wikipedia.org/wiki/Guard_byte) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/Guard_byte?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.
