By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
446,194 Members | 888 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 446,194 IT Pros & Developers. It's quick & easy.

strcpy

P: n/a
Hi,

I want to make strcpy cause a core dump;

assuming I have;

char* source = new char[10];
char* dest = new char[10];

sprintf(source, "%s", "ninechars");
followed by;

strcpy(dest, source);
what (if any) chacters ...of any any type can I put into "source" such
that it will crash?
Is the answer staring me in the face? I can't do something like

source =0

or

dest = 0

but instead I have to put a character in the source somewhere.
Cheers

GrahamO

Jul 23 '05 #1
Share this Question
Share on Google+
16 Replies


P: n/a
Gr**********@gmail.com wrote:
Hi,

I want to make strcpy cause a core dump;

There is no portable way to do this.
You're trying to force undefined behavior which
may or may not result in a core dump.

Jul 23 '05 #2

P: n/a

<Gr**********@gmail.com> wrote in message
news:11*********************@g43g2000cwa.googlegro ups.com...
Hi,

I want to make strcpy cause a core dump;

assuming I have;

char* source = new char[10];
char* dest = new char[10];

sprintf(source, "%s", "ninechars");
followed by;

strcpy(dest, source);
what (if any) chacters ...of any any type can I put into "source" such
that it will crash?
Is the answer staring me in the face? I can't do something like

source =0

or

dest = 0

but instead I have to put a character in the source somewhere.
Cheers

GrahamO


Instead of doing
sprintf(source, "%s", "ninechars");
it might crash if you do
sprintf(source, "%s", 432);

(since you saying what follows is a string, but you are putting a number)
Jul 23 '05 #3

P: n/a


Ron Natalie wrote:
Gr**********@gmail.com wrote:
Hi,

I want to make strcpy cause a core dump;

There is no portable way to do this.
You're trying to force undefined behavior which
may or may not result in a core dump.


Yes, I agree that it may or may not cause coredump. It's UB.
If you want to use strcpy to cause coredump.
How about this.

{
char *x = "ninechars"; // x point to read-only memory
strcpy(x, "somechars"); // trying to modify x which point to RO
memory, this should crash.
}

By the way, in linux please set ulimit of core file to unlimited.
# ulimit -c unlimited

Regards,
Pui.

Jul 23 '05 #4

P: n/a
thanks for those replies. I can use either of the approaches you
mention. Portability wasn't part of the question so is not relevant at
all.

Is it possible also to write something into the string, say after the
strcpy, so that when I try to read it again, it cores. something like;

char* source = new char[10];
char* dest = new char[10];

sprintf(source, "%s", "ninechars");

cout << source << endl;

// here...
int x = <some value>;
source[x] = '<something>';

// this next line will cause a crash after the insertion of
<something> into index // <some value> of the char array.

cout << source << endl;
anybody have any ideas/possibilities there. Forget portability, it's
not relevant.

thanks much

GrahamO

Jul 23 '05 #5

P: n/a


Gr**********@gmail.com wrote:
thanks for those replies. I can use either of the approaches you
mention. Portability wasn't part of the question so is not relevant at
all.

Is it possible also to write something into the string, say after the
strcpy, so that when I try to read it again, it cores. something like;

char* source = new char[10];
char* dest = new char[10];

sprintf(source, "%s", "ninechars");

cout << source << endl;

// here...
int x = <some value>;
source[x] = '<something>';

// this next line will cause a crash after the insertion of
<something> into index // <some value> of the char array.

cout << source << endl;
anybody have any ideas/possibilities there. Forget portability, it's
not relevant.

thanks much

GrahamO


It's possible
try 'somevalue' > 9
I don't know exactly value.My point is you have to screw up heap.
After that try to allocate heap memory again. It would crash.

The memory that you modify has to be information area of the heap.

Any idea (else) ?
Regards,
Pui

Jul 23 '05 #6

P: n/a
* Prawit Chaivong:
* Graham J Walsh:

Is it possible also to write something into the string, say after the
strcpy, so that when I try to read it again, it cores. something like;
It's possible
try 'somevalue' > 9


That's meaningless.
I don't know exactly value.My point is you have to screw up heap.
After that try to allocate heap memory again. It would crash.


Judging from the very pointed questions, "Graham J Walsh" is most
likely hunting for a particular Windows bug that once allowed
hackers to crash their victim's computers.

It's not a good idea to help such people.

--
A: Because it messes up the order in which people normally read text.
Q: Why is it such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?
Jul 23 '05 #7

P: n/a


Alf P. Steinbach wrote:
* Prawit Chaivong:
* Graham J Walsh:

Is it possible also to write something into the string, say after the
strcpy, so that when I try to read it again, it cores. something like;
It's possible
try 'somevalue' > 9


That's meaningless.
I don't know exactly value.My point is you have to screw up heap.
After that try to allocate heap memory again. It would crash.


Judging from the very pointed questions, "Graham J Walsh" is most
likely hunting for a particular Windows bug that once allowed
hackers to crash their victim's computers.

I don't know his intention. I just answer the question.
And I'd have thought that it's possible.
It's not a good idea to help such people.

--
A: Because it messes up the order in which people normally read text.
Q: Why is it such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?


Jul 23 '05 #8

P: n/a
Oh my gosh you're talking thru your swiss! Can't believe you're posting
such tosh. Get a grip man.

I code to make a living, I would rather be out fishing by a lake with a
beer in my hand so if you think I spend any more time at this terminal
than I have to, you're greatly mistaken. I don't get my kicks from
crashing computers.... women and nice holidays provide me with such
entertainment.

FYI I am debugging a distributed system whereby a string is passed from
client to server. The string is inserted client side and extracted
server side. I want the server unmarshalling code to fail with a core
dump when it attempts to read the string. Hence the question.

get a life you moron!

G

Jul 23 '05 #9

P: n/a
In message <11**********************@g14g2000cwa.googlegroups .com>,
Gr**********@gmail.com writes
Oh my gosh you're talking thru your swiss! Can't believe you're posting
such tosh. Get a grip man.
[...]

Your rant would have more force if we had any idea who you were
addressing it to. Please quote some context when following up.
FYI I am debugging a distributed system whereby a string is passed from
client to server. The string is inserted client side and extracted
server side. I want the server unmarshalling code to fail with a core
dump when it attempts to read the string.
Unless someone wrote the server with a back door, I can't imagine any
self-respecting code that would do what you specify.
Hence the question.

get a life you moron!


--
Richard Herring
Jul 23 '05 #10

P: n/a
Gr**********@gmail.com wrote:
thanks for those replies. I can use either of the approaches you
mention. Portability wasn't part of the question so is not relevant at
all.

Is it possible also to write something into the string, say after the
strcpy, so that when I try to read it again, it cores. something like;


It's still not clear what on earth you are trying to do. Invoking
undefined behavior is not something you can rely on the results, being
core dumps or otherwise.

Writing off the end of a "new'd" array probably WONT core dump
immediately. It will assuredly crash later the next time something
is allocated or deallocated.

Do you want to explain what it is you're trying to do? and what platform
you are "NOT CONCERNED ABOUT PORTABILITY" about.
Jul 23 '05 #11

P: n/a
Gr**********@gmail.com wrote:
ainment.

FYI I am debugging a distributed system whereby a string is passed from
client to server. The string is inserted client side and extracted
server side. I want the server unmarshalling code to fail with a core
dump when it attempts to read the string. Hence the question.

get a life you moron!


When you come here asking for free advice with a still ill-defined
problem, you should check the insulting attitude at the door.

You still haven't said what platform you want this abomination to
work on. I'm still unclear just what you are trying to do. Your
better bet would be to invoke some implemetnation defined method to
allocate read only memory or such if that's what you're trying to do.
Jul 23 '05 #12

P: n/a

OK, lets put this one to sleep.

1)

I replied to Alfie Steinbach who implied that i was writing malicious
code. Tosh! As I mentioned previously I really couldn't be ars*ed
spending a minute more than I need to in front of a terminal than is
absolutely necessary. Mr. Steinbach is paranoid.

2)

I was trying to reproduce a possible scenario where a string, when
extacted/unmarshalled on server side, could cause a core dump/crash
because of the contents of the string. That's all. I'm not flying
planes into the pentagon here.

thats all. The subject is closed. Geez.

G


Ron Natalie a écrit :
Gr**********@gmail.com wrote:
ainment.

FYI I am debugging a distributed system whereby a string is passed from
client to server. The string is inserted client side and extracted
server side. I want the server unmarshalling code to fail with a core
dump when it attempts to read the string. Hence the question.

get a life you moron!


When you come here asking for free advice with a still ill-defined
problem, you should check the insulting attitude at the door.

You still haven't said what platform you want this abomination to
work on. I'm still unclear just what you are trying to do. Your
better bet would be to invoke some implemetnation defined method to
allocate read only memory or such if that's what you're trying to do.


Jul 23 '05 #13

P: n/a
In message <11**********************@g43g2000cwa.googlegroups .com>,
Gr**********@gmail.com writes

OK, lets put this one to sleep.
Please don't top-post.
1)

I replied to Alfie Steinbach
Did he say you could call him that?
who implied that i was writing malicious
code. Tosh! As I mentioned previously I really couldn't be ars*ed
spending a minute more than I need to in front of a terminal than is
absolutely necessary.
Protestations of innocence don't carry much weight in these parts,
particularly when accompanied by insults.
Mr. Steinbach is paranoid.
ITYM "justifiably suspicious".

2)

I was trying to reproduce a possible scenario where a string, when
extacted/unmarshalled on server side, could cause a core dump/crash
because of the contents of the string.
You need to work on presentation. Compare and contrast the original
posting:

=====I want to make strcpy cause a core dump; [...]what (if any) chacters ...of any any type can I put into "source" such
that it will crash?
=====
which reads remarkably like a request for malware.
That's all. I'm not flying
planes into the pentagon here.
OK, so you're just posting off-topic questions. Questions about faulty
server code would be more appropriately answered in a group dedicated to
the appropriate server. Questions about C string functions are probably
better asked in a C group.

thats all. The subject is closed. Geez.


This is Usenet. The subject is closed when nobody else feels like
contributing, not because you say so.

--
Richard Herring
Jul 23 '05 #14

P: n/a

Couldn't agree more Richie. This topic is closed.

G

Richard Herring a écrit :
In message <11**********************@g43g2000cwa.googlegroups .com>,
Gr**********@gmail.com writes

OK, lets put this one to sleep.


Please don't top-post.

1)

I replied to Alfie Steinbach


Did he say you could call him that?
who implied that i was writing malicious
code. Tosh! As I mentioned previously I really couldn't be ars*ed
spending a minute more than I need to in front of a terminal than is
absolutely necessary.


Protestations of innocence don't carry much weight in these parts,
particularly when accompanied by insults.
Mr. Steinbach is paranoid.


ITYM "justifiably suspicious".

2)

I was trying to reproduce a possible scenario where a string, when
extacted/unmarshalled on server side, could cause a core dump/crash
because of the contents of the string.


You need to work on presentation. Compare and contrast the original
posting:

=====
I want to make strcpy cause a core dump;

[...]
what (if any) chacters ...of any any type can I put into "source" such
that it will crash?


=====
which reads remarkably like a request for malware.
That's all. I'm not flying
planes into the pentagon here.


OK, so you're just posting off-topic questions. Questions about faulty
server code would be more appropriately answered in a group dedicated to
the appropriate server. Questions about C string functions are probably
better asked in a C group.

thats all. The subject is closed. Geez.


This is Usenet. The subject is closed when nobody else feels like
contributing, not because you say so.

--
Richard Herring


Jul 23 '05 #15

P: n/a
In message <11**********************@g44g2000cwa.googlegroups .com>,
Gr**********@gmail.com top-posted

[please don't top-post]

Couldn't agree more Richie. This topic is closed.


So why are you still posting to this thread?

Now, what was your question about C++ again?

--
Richard Herring
Jul 23 '05 #16

P: n/a
The C++ question is closed. I've taken out the national grid of Ukraine
with my malicious c++ code.

Subject closed. No need for any more info. thanks anyways and have a
nice day.

Graham

Jul 23 '05 #17

This discussion thread is closed

Replies have been disabled for this discussion.