Hi,
I want to make strcpy cause a core dump;
assuming I have;
char* source = new char[10];
char* dest = new char[10];
sprintf(source, "%s", "ninechars");
followed by;
strcpy(dest, source);
what (if any) characters ... of any type can I put into "source" such
that it will crash?
Is the answer staring me in the face? I can't do something like
source =0
or
dest = 0
but instead I have to put a character in the source somewhere.
Cheers
GrahamO

Gr**********@gmail.com wrote:
Hi,
I want to make strcpy cause a core dump;
There is no portable way to do this.
You're trying to force undefined behavior which
may or may not result in a core dump.
<Gr**********@gmail.com> wrote in message
news:11*********************@g43g2000cwa.googlegro ups.com... Hi,
I want to make strcpy cause a core dump;
assuming I have;
char* source = new char[10]; char* dest = new char[10];
sprintf(source, "%s", "ninechars");
followed by;
strcpy(dest, source);
what (if any) characters ... of any type can I put into "source" such that it will crash?
Is the answer staring me in the face? I can't do something like
source =0
or
dest = 0
but instead I have to put a character in the source somewhere.
Cheers
GrahamO
Instead of doing
sprintf(source, "%s", "ninechars");
it might crash if you do
sprintf(source, "%s", 432);
(since you are saying what follows is a string, but you are putting a number)
Ron Natalie wrote:
Gr**********@gmail.com wrote:
Hi,
I want to make strcpy cause a core dump;
There is no portable way to do this. You're trying to force undefined behavior which may or may not result in a core dump.
Yes, I agree that it may or may not cause coredump. It's UB.
If you want to use strcpy to cause coredump.
How about this.
{
char *x = "ninechars"; // x points to read-only memory
strcpy(x, "somechars"); // trying to modify x, which points to RO memory; this should crash.
}
By the way, in linux please set ulimit of core file to unlimited.
# ulimit -c unlimited
Regards,
Pui.
thanks for those replies. I can use either of the approaches you
mention. Portability wasn't part of the question so is not relevant at
all.
Is it possible also to write something into the string, say after the
strcpy, so that when I try to read it again, it cores. something like;
char* source = new char[10];
char* dest = new char[10];
sprintf(source, "%s", "ninechars");
cout << source << endl;
// here...
int x = <some value>;
source[x] = '<something>';
// this next line will cause a crash after the insertion of
// <something> into index <some value> of the char array.
cout << source << endl;
anybody have any ideas/possibilities there. Forget portability, it's
not relevant.
thanks much
GrahamO

Gr**********@gmail.com wrote:
thanks for those replies. I can use either of the approaches you mention. Portability wasn't part of the question so is not relevant at all.
Is it possible also to write something into the string, say after the strcpy, so that when I try to read it again, it cores. something like;
char* source = new char[10]; char* dest = new char[10];
sprintf(source, "%s", "ninechars");
cout << source << endl;
// here...
int x = <some value>;
source[x] = '<something>';
// this next line will cause a crash after the insertion of <something> into index
// <some value> of the char array.
cout << source << endl;
anybody have any ideas/possibilities there. Forget portability, it's not relevant.
thanks much
GrahamO
It's possible
try 'somevalue' > 9
I don't know the exact value. My point is you have to screw up heap.
After that try to allocate heap memory again. It would crash.
The memory that you modify has to be information area of the heap.
Any idea (else) ?
Regards,
Pui
* Prawit Chaivong:
* Graham J Walsh:
Is it possible also to write something into the string, say after the strcpy, so that when I try to read it again, it cores. something like;
It's possible try 'somevalue' > 9
That's meaningless.
I don't know the exact value. My point is you have to screw up heap. After that try to allocate heap memory again. It would crash.
Judging from the very pointed questions, "Graham J Walsh" is most
likely hunting for a particular Windows bug that once allowed
hackers to crash their victim's computers.
It's not a good idea to help such people.
--
A: Because it messes up the order in which people normally read text.
Q: Why is it such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?
Alf P. Steinbach wrote:
* Prawit Chaivong:
* Graham J Walsh:
Is it possible also to write something into the string, say after the strcpy, so that when I try to read it again, it cores. something like;
It's possible try 'somevalue' > 9
That's meaningless.
I don't know the exact value. My point is you have to screw up heap. After that try to allocate heap memory again. It would crash.
Judging from the very pointed questions, "Graham J Walsh" is most likely hunting for a particular Windows bug that once allowed hackers to crash their victim's computers.
I don't know his intention. I just answer the question.
And I'd have thought that it's possible.
It's not a good idea to help such people.
-- A: Because it messes up the order in which people normally read text. Q: Why is it such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail?
Oh my gosh you're talking thru your swiss! Can't believe you're posting
such tosh. Get a grip man.
I code to make a living, I would rather be out fishing by a lake with a
beer in my hand so if you think I spend any more time at this terminal
than I have to, you're greatly mistaken. I don't get my kicks from
crashing computers.... women and nice holidays provide me with such
entertainment.
FYI I am debugging a distributed system whereby a string is passed from
client to server. The string is inserted client side and extracted
server side. I want the server unmarshalling code to fail with a core
dump when it attempts to read the string. Hence the question.
get a life you moron!
G
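
Added example, not part of any post in this thread: the thread never shows the server's unmarshalling code, so the wire format below (a 2-byte big-endian length followed by the payload) and every name in it are hypothetical. It shows the defensive side of the scenario described above: the server checks the declared length against the bytes received and against the destination size before copying, and returns an error instead of reading or writing out of bounds.

```cpp
// Added example. Hypothetical wire format (not from the thread):
// 2-byte big-endian length, then exactly that many payload bytes, no '\0'.
#include <cstddef>
#include <cstdio>
#include <cstring>

enum UnmarshalStatus {
    UNMARSHAL_OK = 0,
    ERR_TRUNCATED_HEADER,  // fewer than 2 bytes received
    ERR_LENGTH_MISMATCH,   // declared length exceeds the bytes received
    ERR_DEST_TOO_SMALL,    // payload plus terminator does not fit in dest
    ERR_EMBEDDED_NUL       // '\0' inside payload: strlen() would disagree with the header
};

// Copies the payload into dest as a C string, or rejects the message.
// Unlike strcpy, nothing here depends on where a '\0' happens to sit in memory.
UnmarshalStatus unmarshal_string(const unsigned char* wire, std::size_t wire_len,
                                 char* dest, std::size_t dest_cap)
{
    if (wire_len < 2) return ERR_TRUNCATED_HEADER;
    const std::size_t declared = (static_cast<std::size_t>(wire[0]) << 8) | wire[1];
    if (declared > wire_len - 2) return ERR_LENGTH_MISMATCH;
    if (dest_cap == 0 || declared > dest_cap - 1) return ERR_DEST_TOO_SMALL;
    if (std::memchr(wire + 2, '\0', declared) != nullptr) return ERR_EMBEDDED_NUL;
    std::memcpy(dest, wire + 2, declared);
    dest[declared] = '\0';  // the receiver adds the terminator itself
    return UNMARSHAL_OK;
}

// Constructed sample messages (not captured traffic).
const unsigned char MSG_GOOD[]  = {0x00, 0x09, 'n','i','n','e','c','h','a','r','s'};
const unsigned char MSG_LYING[] = {0x00, 0x40, 'n','i','n','e'};  // header claims 64 bytes
const unsigned char MSG_BIG[]   = {0x00, 0x0A, 't','e','n','c','h','a','r','s','!','!'};
const unsigned char MSG_NUL[]   = {0x00, 0x04, 'a','b','\0','c'};

int main()
{
    char dest[10];  // same size as the buffers in the original post
    std::printf("good  -> %d\n", (int)unmarshal_string(MSG_GOOD, sizeof MSG_GOOD, dest, sizeof dest));
    std::printf("lying -> %d\n", (int)unmarshal_string(MSG_LYING, sizeof MSG_LYING, dest, sizeof dest));
    std::printf("big   -> %d\n", (int)unmarshal_string(MSG_BIG, sizeof MSG_BIG, dest, sizeof dest));
    std::printf("nul   -> %d\n", (int)unmarshal_string(MSG_NUL, sizeof MSG_NUL, dest, sizeof dest));
    return 0;
}
```
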
In message <11**********************@g14g2000cwa.googlegroups .com>, Gr**********@gmail.com writes
Oh my gosh you're talking thru your swiss! Can't believe you're posting such tosh. Get a grip man.
[...]
Your rant would have more force if we had any idea who you were
addressing it to. Please quote some context when following up.
FYI I am debugging a distributed system whereby a string is passed from client to server. The string is inserted client side and extracted server side. I want the server unmarshalling code to fail with a core dump when it attempts to read the string.
Unless someone wrote the server with a back door, I can't imagine any
self-respecting code that would do what you specify.
Hence the question.
get a life you moron!
--
Richard Herring

Gr**********@gmail.com wrote:
thanks for those replies. I can use either of the approaches you mention. Portability wasn't part of the question so is not relevant at all.
Is it possible also to write something into the string, say after the strcpy, so that when I try to read it again, it cores. something like;
It's still not clear what on earth you are trying to do. Invoking
undefined behavior is not something you can rely on the results, being
core dumps or otherwise.
Writing off the end of a "new'd" array probably WON'T core dump
immediately. It will assuredly crash later the next time something
is allocated or deallocated.
Do you want to explain what it is you're trying to do? and what platform
you are "NOT CONCERNED ABOUT PORTABILITY" about.

Gr**********@gmail.com wrote:
ainment. FYI I am debugging a distributed system whereby a string is passed from client to server. The string is inserted client side and extracted server side. I want the server unmarshalling code to fail with a core dump when it attempts to read the string. Hence the question.
get a life you moron!
When you come here asking for free advice with a still ill-defined
problem, you should check the insulting attitude at the door.
You still haven't said what platform you want this abomination to
work on. I'm still unclear just what you are trying to do. Your
better bet would be to invoke some implementation defined method to
allocate read only memory or such if that's what you're trying to do.
OK, let's put this one to sleep.
1)
I replied to Alfie Steinbach who implied that i was writing malicious
code. Tosh! As I mentioned previously I really couldn't be ars*ed
spending a minute more than I need to in front of a terminal than is
absolutely necessary. Mr. Steinbach is paranoid.
2)
I was trying to reproduce a possible scenario where a string, when
extracted/unmarshalled on server side, could cause a core dump/crash
because of the contents of the string. That's all. I'm not flying
planes into the pentagon here.
That's all. The subject is closed. Geez.
G
Ron Natalie wrote:
Gr**********@gmail.com wrote:
ainment. FYI I am debugging a distributed system whereby a string is passed from client to server. The string is inserted client side and extracted server side. I want the server unmarshalling code to fail with a core dump when it attempts to read the string. Hence the question.
get a life you moron!
When you come here asking for free advice with a still ill-defined problem, you should check the insulting attitude at the door.
You still haven't said what platform you want this abomination to work on. I'm still unclear just what you are trying to do. Your better bet would be to invoke some implementation defined method to allocate read only memory or such if that's what you're trying to do.
In message <11**********************@g43g2000cwa.googlegroups .com>, Gr**********@gmail.com writes
OK, let's put this one to sleep.
Please don't top-post.
1)
I replied to Alfie Steinbach
Did he say you could call him that?
who implied that i was writing malicious code. Tosh! As I mentioned previously I really couldn't be ars*ed spending a minute more than I need to in front of a terminal than is absolutely necessary.
Protestations of innocence don't carry much weight in these parts,
particularly when accompanied by insults.
Mr. Steinbach is paranoid.
ITYM "justifiably suspicious".
2)
I was trying to reproduce a possible scenario where a string, when extracted/unmarshalled on server side, could cause a core dump/crash because of the contents of the string.
You need to work on presentation. Compare and contrast the original
posting:
=====
I want to make strcpy cause a core dump;
[...]
what (if any) characters ... of any type can I put into "source" such that it will crash?
=====
which reads remarkably like a request for malware.
That's all. I'm not flying planes into the pentagon here.
OK, so you're just posting off-topic questions. Questions about faulty
server code would be more appropriately answered in a group dedicated to
the appropriate server. Questions about C string functions are probably
better asked in a C group.
That's all. The subject is closed. Geez.
This is Usenet. The subject is closed when nobody else feels like
contributing, not because you say so.
--
Richard Herring
Couldn't agree more Richie. This topic is closed.
G
Richard Herring wrote:
In message <11**********************@g43g2000cwa.googlegroups .com>, Gr**********@gmail.com writes
OK, let's put this one to sleep.
Please don't top-post.
1)
I replied to Alfie Steinbach
Did he say you could call him that?
who implied that i was writing malicious code. Tosh! As I mentioned previously I really couldn't be ars*ed spending a minute more than I need to in front of a terminal than is absolutely necessary.
Protestations of innocence don't carry much weight in these parts, particularly when accompanied by insults.
Mr. Steinbach is paranoid.
ITYM "justifiably suspicious".
2)
I was trying to reproduce a possible scenario where a string, when extracted/unmarshalled on server side, could cause a core dump/crash because of the contents of the string.
You need to work on presentation. Compare and contrast the original posting:
=====
I want to make strcpy cause a core dump;
[...]
what (if any) characters ... of any type can I put into "source" such that it will crash?
=====
which reads remarkably like a request for malware.
That's all. I'm not flying planes into the pentagon here.
OK, so you're just posting off-topic questions. Questions about faulty server code would be more appropriately answered in a group dedicated to the appropriate server. Questions about C string functions are probably better asked in a C group.
That's all. The subject is closed. Geez.
This is Usenet. The subject is closed when nobody else feels like contributing, not because you say so. -- Richard Herring
In message <11**********************@g44g2000cwa.googlegroups .com>, Gr**********@gmail.com top-posted
[please don't top-post]
Couldn't agree more Richie. This topic is closed.
So why are you still posting to this thread?
Now, what was your question about C++ again?
--
Richard Herring
The C++ question is closed. I've taken out the national grid of Ukraine
with my malicious c++ code.
Subject closed. No need for any more info. thanks anyways and have a
nice day.
Graham