Question on stack frame allocation space

asm
Hello all, I need your help on this problem.

I wrote a little program as follows. (BTW, I worked on a new Dell
Latitude, running Linux kernel 2.4.19, i686).

Program was compiled with gcc 3.2

#include <stdio.h>   /* prototype for printf */
#include <string.h>  /* prototype for strcpy */

void foo() {
char t[20];
strcpy(t, "012345678901234567890123456789012345678");
printf("t is %s\n", t);
}

int main() {
foo();
return 0;
}

Note that I copied 39 characters into the string t, which was defined to
be 20 bytes long. With the '\0' character, t was able to hold 40 bytes
in total. If I just add one more character (so that I'd be copying 41
bytes), I get "invalid instruction error".
I compiled it into assembly code, and the first few lines of 'foo' look
like this

foo:
pushl %ebp
movl %esp, %ebp
subl $40, %esp

this confirms that the stack frame for "foo" has allocated 40 bytes for
the string t.

I wanted to test the "buffer overflow bug", and tried to overwrite the
returned address of foo, which - as far as I know, should be 48 bytes
from t. However, this does not seem to be the case, as the overwriting
runs fine, and the program returns as if nothing happens.

My questions are:

1. Why were 40 bytes allocated on the stack?

2. Is it true the old frame pointer and the return address are right
after those 40 bytes?

Thanks a lot in advance for any hint,
ASM

Nov 13 '05 #1
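As an added illustration (this is not code from the thread, and the names foo_unsafe, copy_bounded, COPY_LITERAL and foo_safe are mine): the posted foo() next to a version that cannot overflow. The point the replies make is that char t[20] holds at most 19 characters plus the terminator, and that anything written past it is undefined. A bounded copy that reports truncation, and a compile-time size check for literals, turn that silent overwrite into something the program or the compiler can detect.

```c
#include <stdio.h>
#include <string.h>

/* The OP's 39-character literal, kept here as the sample input. */
#define LONG_INPUT "012345678901234567890123456789012345678"

/* The thread's foo(), parameterised on its input so the defect is visible:
 * char t[20] holds 19 characters plus '\0', so a 39-character source makes
 * strcpy write 20 bytes past the end of t. Undefined behaviour; never called
 * by main() below, it is here only to show the shape of the bug. */
void foo_unsafe(const char *src) {
    char t[20];
    strcpy(t, src);
    printf("t is %s\n", t);
}

/* Bounded copy: always NUL-terminates dst (when dstsize >= 1) and returns
 * the number of source characters that did NOT fit, so the caller can see
 * truncation instead of silently overwriting whatever follows the array. */
size_t copy_bounded(char *dst, size_t dstsize, const char *src) {
    size_t srclen = strlen(src);
    if (dstsize == 0) {
        return srclen;                  /* nothing can be stored */
    }
    size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return srclen - n;
}

/* For string literals the sizes are known at compile time, so a literal
 * that does not fit can be rejected by the compiler (C11 _Static_assert)
 * rather than discovered at run time. dst must be an array, not a pointer,
 * for sizeof(dst) to be the buffer size. */
#define COPY_LITERAL(dst, lit) do {                                          \
        _Static_assert(sizeof(lit) <= sizeof(dst),                           \
                       "string literal does not fit in " #dst);              \
        memcpy((dst), (lit), sizeof(lit));                                   \
    } while (0)

/* Hardened counterpart of foo(): same array, same long input, no overflow.
 * Returns how many characters were dropped (20 for LONG_INPUT). */
size_t foo_safe(void) {
    char t[20];
    size_t dropped = copy_bounded(t, sizeof t, LONG_INPUT);
    printf("t is %s (%zu characters truncated)\n", t, dropped);
    return dropped;
}

/* Same array with a literal that fits; the size check happens at compile time.
 * Returns the stored length (19). */
size_t foo_literal(void) {
    char t[20];
    COPY_LITERAL(t, "0123456789012345678");   /* 19 chars + '\0' = 20 bytes */
    printf("t is %s\n", t);
    return strlen(t);
}

int main(void) {
    foo_safe();
    foo_literal();
    return 0;
}
```

Changing the literal in foo_literal to 20 characters makes the build fail instead of producing the "invalid instruction" the OP saw at run time; copy_bounded covers the case where the source length is only known at run time.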
"asm" <as*@yahoo.com> wrote in message
news:Gs********************@news1.news.adelphia.net...
> Hello all, I need your help on this problem.
>
> I wrote a little program as follows. (BTW, I worked on a new Dell
> Latitude, running Linux kernel 2.4.19, i686).
>
> Program was compiled with gcc 3.2
>
> void foo() {
> char t[20];
> strcpy(t, "012345678901234567890123456789012345678");

Undefined behavior.

> printf("t is %s\n", t);
> }

More undefined behavior. Invocation of a variadic
function with no prototype in scope.

> int main() {
> foo();
> return 0;
> }
>
> Note that I copied 39 characters into the string t,

Twenty characters were copied. Whatever happened after
that is undefined.

> which was defined to
> be 20 bytes long. With the '\0' character, t was able to hold 40 bytes

The array 't', by definition, can hold a maximum of
twenty characters. The result of your attempt to
copy characters outside the array is undefined.

> in total. If I just add one more character (so that I'd be copying 41
> bytes), I get "invalid instruction error"

Or you might get a bloody nose. Or a sex change. Or something
else. Or nothing at all. The behavior is undefined.

> I compiled it into assembly code, and the first few lines of 'foo' look
> like this

Irrelevant.

> foo:
> pushl %ebp
> movl %esp, %ebp
> subl $40, %esp
>
> this confirms that the stack frame for "foo" has allocated 40 bytes for
> the string t.

C has no such thing as 'stack frames'.

> I wanted to test the "buffer overflow bug",

What you've done is produce undefined behavior. "Testing"
it is meaningless.

> and tried to overwrite the
> returned address of foo, which - as far as I know, should be 48 bytes
> from t.

No you don't know that, nor can you know anything else
about the program, since it produces undefined behavior.

> However, this does not seem to be the case, as the overwriting
> runs fine, and the program returns as if nothing happens.

The set of possible manifestations of undefined behavior
includes the appearance of normalcy.

> My questions are:
>
> 1. Why were 40 bytes allocated on the stack?

Because it rained in Milwaukee last Thursday.

> 2. Is it true the old frame pointer and the return address are right
> after those 40 bytes?

Yes. No. Maybe. C knows nothing of 'frame pointers'.

> Thanks a lot in advance for any hint,

Hint: Don't Do That.

-Mike
Nov 13 '05 #2
asm wrote:
> .... snip ...
> My questions are:
>
> 1. Why were 40 bytes allocated on the stack?
>
> 2. Is it true the old frame pointer and the return address are
> right after those 40 bytes?


You are OT for c.l.c, which worries about the language, not the
particular implementation. In this case you should see the
appropriate gnu newsgroup, possibly one on gcc.

--
Chuck F (cb********@yahoo.com) (cb********@worldnet.att.net)
Available for consulting/temporary embedded and systems.
<http://cbfalconer.home.att.net> USE worldnet address!
Nov 13 '05 #3
asm <as*@yahoo.com> wrote in message news:<Gs********************@news1.news.adelphia.net>...
> Hello all, I need your help on this problem.
>
> I wrote a little program as follows. (BTW, I worked on a new Dell
> Latitude, running Linux kernel 2.4.19, i686).
>
> Program was compiled with gcc 3.2
>
> void foo() {
> char t[20];
> strcpy(t, "012345678901234567890123456789012345678");
> printf("t is %s\n", t);
> }
>
> int main() {
> foo();
> return 0;
> }
>
> Note that I copied 39 characters into the string t, which was defined to
> be 20 bytes long. With the '\0' character, t was able to hold 40 bytes
> in total. If I just add one more character (so that I'd be copying 41
> bytes), I get "invalid instruction error"
> I compiled it into assembly code, and the first few lines of 'foo' look
> like this
>
> foo:
> pushl %ebp
> movl %esp, %ebp
> subl $40, %esp
>
> this confirms that the stack frame for "foo" has allocated 40 bytes for
> the string t.
>
> I wanted to test the "buffer overflow bug", and tried to overwrite the
> returned address of foo, which - as far as I know, should be 48 bytes
> from t. However, this does not seem to be the case, as the overwriting
> runs fine, and the program returns as if nothing happens.
>
> My questions are:
>
> 1. Why were 40 bytes allocated on the stack?
>
> 2. Is it true the old frame pointer and the return address are right
> after those 40 bytes?
>
> Thanks a lot in advance for any hint,
> ASM

Hi !

First, the allocated space will always be more than 20 bytes, because it
is used not only for local variables. It is used to save registers, the
return address from the subroutine, the address of the previous stack
frame, etc., depending on your platform.
See "C function calling conventions" for your compiler.

Accidentally, it takes the same length ( 40 bytes ).

Second, if it is the only place of allocation code in your function (
that you provided in assembler ), it should be stack space for all,
including the frame pointer and return address and saved registers etc.

Regards
Michael
Nov 13 '05 #4
