
Memory allocation in

I'm playing with buffer overflows and I'm not understanding why, when I type 1234567890 after ./program_name, I don't get an overflow of the last two bytes "90" into buffer_one. buffer_two is located at 0xa0 and buffer_one is located at 0xb0. 0xb0 - 0xa0 = 0x10 = 16 bytes. Why is my computer allocating 16 bytes when the arrays buffer_two and buffer_one are only supposed to have 8 bytes between them? Also, when I run sizeof(char) I get 1 byte. I'm running on a 64-bit processor but not sure how this is affecting it. Can someone explain in detail or point me to a good source?

    #include <stdio.h>   /* printf */
    #include <string.h>  /* strcpy, strlen */

    int main(int argc, char *argv[])
    {
        int value = 5;
        char buffer_one[8], buffer_two[8];

        if (argc < 2) {
            fprintf(stderr, "usage: %s <string>\n", argv[0]);
            return 1;
        }

        strcpy(buffer_one, "one"); /* Put "one" into buffer_one */
        strcpy(buffer_two, "two"); /* Put "two" into buffer_two */

        printf("[BEFORE] buffer_two is at %p and contains '%s'\n", (void *)buffer_two, buffer_two);
        printf("[BEFORE] buffer_one is at %p and contains '%s'\n", (void *)buffer_one, buffer_one);
        printf("[BEFORE] value is at %p and is %d (0x%08x)\n", (void *)&value, value, value);

        printf("\n[STRCPY] copying %zu bytes into buffer_two\n\n", strlen(argv[1]));
        strcpy(buffer_two, argv[1]); /* Unbounded copy of the first arg: this is the overflow under study */

        printf("[AFTER] buffer_two is at %p and contains '%s'\n", (void *)buffer_two, buffer_two);
        printf("[AFTER] buffer_one is at %p and contains '%s'\n", (void *)buffer_one, buffer_one);
        printf("[AFTER] value is at %p and is %d (0x%08x)\n", (void *)&value, value, value);
        return 0;
    } // END OF MAIN

Jul 6 '15 #1

✓ answered by weaknessforcats

By the way, I have also changed the byte size from 8 to 4 to 1, but they all give a 16-byte spacing between the two memory addresses?
Jul 6 '15 #2
weaknessforcats
9,208 Expert Mod 8TB
You are making assumptions about how the compiler manages memory.

It is true that buffer_one starts at address X and buffer_two starts at address Y.

But it does not follow that Y-X gives the memory allocated to buffer_one.

What usually happens is that buffer_one is aligned with a word boundary if possible. Next, sizeof(buffer_one)/sizeof(char) is 8. So the array is 8 char. The compiler sees it as 8 char and if you go beyond 8 you enter the world of indeterminate results. The same can be said by proceeding to the left of the array rather than to the right.

Your stack variables are not jammed together like a tiled floor. Many are aligned on word or int boundaries creating any number of slack bytes.

When you enter 10 char into an array of 8 there may, or may not, be a crash. Another variable may, or may not, have been trodden on. All you can say is that the stack is now corrupt. This may lead to a crash later.

Take a heap allocation:

    int* buffer_three = new int[8];

buffer_three is the address of the 8 int heap array. Then when you code:

    delete[] buffer_three; // an array from new[] must be released with delete[], not delete

How does the compiler know buffer_three points to 8 bytes and not 8000? How much memory does the compiler free up? buffer_three just has the address of the array. The answer here is that the new operator prepends a header before buffer_three that contains the allocation info, like the fact that there are 8 bytes and whether the array has been deleted already. However, since this prepended header is a compiler implementation trick, no info about it appears in any C++ book, since the header is not part of the C++ language.

I hope this helps a little.
Jul 7 '15 #3
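An added example in C (not the original poster's program and not code from the accepted answer): it prints the same layout the question measures by hand, computes the gap between the two arrays, and replaces the unbounded strcpy with a length check against sizeof, so the slack bytes and the neighbouring buffer are never written. The helper names copy_bounded and stack_gap are this example's own assumptions, and the 10-character input is the constructed string from the question.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Copy src into dst only if it fits together with its terminating NUL.
 * Returns 1 on success; returns 0 and leaves dst untouched otherwise.
 * This is the length check that strcpy(buffer_two, argv[1]) lacks. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (len >= dst_size)        /* no room left for the NUL terminator */
        return 0;
    memcpy(dst, src, len + 1);  /* copies the NUL as well */
    return 1;
}

/* Distance in bytes between a and b, computed through uintptr_t because
 * subtracting pointers into different objects is undefined in C.
 * The value is a compiler decision (alignment, padding, ordering),
 * not a language guarantee: only sizeof(array) is guaranteed. */
uintptr_t stack_gap(const void *a, const void *b)
{
    uintptr_t ua = (uintptr_t)a, ub = (uintptr_t)b;
    return ua > ub ? ua - ub : ub - ua;
}

int main(int argc, char *argv[])
{
    char buffer_one[8] = "one", buffer_two[8] = "two";
    /* Constructed input: the 10-character string from the question. */
    const char *input = (argc > 1) ? argv[1] : "1234567890";

    printf("buffer_two at %p, buffer_one at %p, gap %lu bytes, sizeof %zu\n",
           (void *)buffer_two, (void *)buffer_one,
           (unsigned long)stack_gap(buffer_two, buffer_one), sizeof buffer_two);

    if (!copy_bounded(buffer_two, sizeof buffer_two, input))
        printf("rejected %zu-byte input: at most %zu characters fit in buffer_two\n",
               strlen(input), sizeof buffer_two - 1);
    else
        printf("buffer_two now contains '%s'\n", buffer_two);

    printf("buffer_one still contains '%s'\n", buffer_one);
    return 0;
}
```

The printed gap will differ between compilers and optimisation levels, which is the point of the accepted answer; the copy_bounded result does not.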
So I'm writing into the slack bits? I suppose I should read up on how memory is allocated during compilation. Would wiki be a good source, or do you know of a better site?
Jul 7 '15 #4
computerfox
276 100+
Here's a good starting point:
http://www.cprogramming.com/tutorial..._problems.html

Also, if you plan on being serious with C++, I would suggest starting to build a library of REFERENCE books.

Hope that helps!
Jul 7 '15 #5
weaknessforcats
9,208 Expert Mod 8TB
Memory allocation is compiler-dependent. I would research how the compiler I am using does it. But be careful: if you program based on a specific compiler, your code will be unportable.
Jul 7 '15 #6

