Hello all, I need your help on this problem.
I wrote a little program as follows. (BTW, I worked on a new Dell
Latitude, running Linux kernel 2.4.19, i686).
Program was compiled with gcc 3.2.
    #include <stdio.h>   /* for printf */
    #include <string.h>  /* for strcpy */

    void foo() {
        char t[20];
        /* deliberately copies 39 characters plus the terminating '\0' into a
           20-byte array: this is the overflow the post is asking about */
        strcpy(t, "012345678901234567890123456789012345678");
        printf("t is %s\n", t);
    }

    int main() {
        foo();
        return 0;
    }
Note that I copied 39 characters into the string t, which was defined to
be 20 bytes long. With the '\0' character, t was able to hold 40 bytes
in total. If I just add one more character (so that I'd be copying 41
bytes), I get "invalid instruction error".
I compiled it into assembly code, and the first few lines of 'foo' look
like this:
    foo:
        pushl %ebp
        movl %esp, %ebp
        subl $40, %esp
This confirms that the stack frame for "foo" has allocated 40 bytes for
the string t.
I wanted to test the "buffer overflow bug", and tried to overwrite the
return address of foo, which, as far as I know, should be 48 bytes
from t. However, this does not seem to be the case, as the overwriting
runs fine, and the program returns as if nothing happens.
My questions are:
1. Why were 40 bytes allocated on the stack?
2. Is it true the old frame pointer and the return address are right
after those 40 bytes?
Thanks a lot in advance for any hint,
ASM
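As an added example (not code from the thread), the following C program measures what the post estimates by hand: through the GCC/Clang extension `__builtin_frame_address` it reports how far the 20-byte `t` actually lies from the saved frame pointer and from the return-address slot, without writing a single byte out of bounds, and it pairs that with the bounded copy `foo` should have used so the 39-character literal is truncated and reported rather than spilled. It assumes the i386/x86-64 frame layout the thread is about (locals below the saved frame pointer, return address one pointer above it); `measure_foo_frame`, `copy_bounded` and `foo_checked` are names invented for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct frame_layout {
    size_t buf_to_saved_fp;  /* bytes from t[0] up to the saved frame pointer */
    size_t buf_to_ret_slot;  /* bytes from t[0] up to the return-address slot */
};

/* Same 20-byte local as the original foo(), but instead of writing past it we
 * ask the compiler where it put things.  noinline keeps a frame of its own;
 * the builtin is a GCC/Clang extension.  Assumed (i386/x86-64): locals sit
 * below the saved frame pointer and the return address one pointer above it. */
__attribute__((noinline)) struct frame_layout measure_foo_frame(void)
{
    char t[20] = "0123456789";                /* in bounds: 10 chars + NUL */
    struct frame_layout fl;
    fl.buf_to_saved_fp = (uintptr_t)__builtin_frame_address(0) - (uintptr_t)t;
    fl.buf_to_ret_slot = fl.buf_to_saved_fp + sizeof(void *);
    return fl;
}

/* Bounded replacement for strcpy(): writes at most dstsz bytes, always
 * NUL-terminates, and returns the number of characters stored, so a result
 * shorter than strlen(src) tells the caller the input was truncated. */
size_t copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (dstsz == 0) return 0;
    if (n >= dstsz) n = dstsz - 1;            /* keep room for the '\0' */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* The original foo() with its 39-character literal: t[19] is now the last
 * byte ever written, and a result of 19 tells the caller the input was cut. */
size_t foo_checked(void)
{
    char t[20];
    size_t kept = copy_bounded(t, sizeof t, "012345678901234567890123456789012345678");
    printf("t is %s (%zu of 39 characters kept)\n", t, kept);
    return kept;
}

int main(void)
{
    struct frame_layout fl = measure_foo_frame();
    printf("t[0] lies %zu bytes below the saved frame pointer and %zu below the "
           "return-address slot\n", fl.buf_to_saved_fp, fl.buf_to_ret_slot);
    return foo_checked() == 19 ? 0 : 1;
}
```

Whatever distance is printed is this compiler's choice for this build, which is the point: the 40 bytes, the hand-computed 48, and the "returns as if nothing happens" all depend on padding that the language does not define.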
"asm" <as*@yahoo.com> wrote in message
news:Gs********************@news1.news.adelphia.net...
> Hello all, I need your help on this problem.
> I wrote a little program as follows. (BTW, I worked on a new Dell
> Latitude, running Linux kernel 2.4.19, i686).
> Program was compiled with gcc 3.2
>
> void foo() {
>     char t[20];
>     strcpy(t, "012345678901234567890123456789012345678");

Undefined behavior.

>     printf("t is %s\n", t);
> }

More undefined behavior. Invocation of a variadic
function with no prototype in scope.

> int main() {
>     foo();
>     return 0;
> }
>
> Note that I copied 39 characters into the string t,

Twenty characters were copied. Whatever happened after
that is undefined.

> which was defined to be 20 bytes long. With the '\0' character, t was
> able to hold 40 bytes

The array 't', by definition, can hold a maximum of
twenty characters. The result of your attempt to
copy characters outside the array is undefined.

> in total. If I just add one more character (so that I'd be copying 41
> bytes), I get "invalid instruction error".

Or you might get a bloody nose. Or a sex change. Or something
else. Or nothing at all. The behavior is undefined.

> I compiled it into assembly code, and the first few lines of 'foo' look
> like this:

Irrelevant.

> foo:
>     pushl %ebp
>     movl %esp, %ebp
>     subl $40, %esp
>
> This confirms that the stack frame for "foo" has allocated 40 bytes for
> the string t.

C has no such thing as 'stack frames'.

> I wanted to test the "buffer overflow bug",

What you've done is produce undefined behavior. "Testing"
it is meaningless.

> and tried to overwrite the return address of foo, which, as far as I
> know, should be 48 bytes from t.

No, you don't know that, nor can you know anything else
about the program, since it produces undefined behavior.

> However, this does not seem to be the case, as the overwriting runs
> fine, and the program returns as if nothing happens.

The set of possible manifestations of undefined behavior
includes the appearance of normalcy.

> My questions are:
> 1. Why were 40 bytes allocated on the stack?

Because it rained in Milwaukee last Thursday.

> 2. Is it true the old frame pointer and the return address are right
> after those 40 bytes?

Yes. No. Maybe. C knows nothing of 'frame pointers'.

> Thanks a lot in advance for any hint,

Hint: Don't Do That.

-Mike
asm wrote:
> .... snip ...
> My questions are:
> 1. Why were 40 bytes allocated on the stack?
> 2. Is it true the old frame pointer and the return address are right
> after those 40 bytes?

You are OT for c.l.c, which worries about the language, not the
particular implementation. In this case you should see the
appropriate GNU newsgroup, possibly one on gcc.
--
Chuck F (cb********@yahoo.com) (cb********@worldnet.att.net)
Available for consulting/temporary embedded and systems.
<http://cbfalconer.home.att.net> USE worldnet address!
asm <as*@yahoo.com> wrote in message news:<Gs********************@news1.news.adelphia.net>...
> Hello all, I need your help on this problem.
> I wrote a little program as follows. (BTW, I worked on a new Dell
> Latitude, running Linux kernel 2.4.19, i686).
> Program was compiled with gcc 3.2
>
> void foo() {
>     char t[20];
>     strcpy(t, "012345678901234567890123456789012345678");
>     printf("t is %s\n", t);
> }
> int main() {
>     foo();
>     return 0;
> }
>
> Note that I copied 39 characters into the string t, which was defined to
> be 20 bytes long. With the '\0' character, t was able to hold 40 bytes in
> total. If I just add one more character (so that I'd be copying 41
> bytes), I get "invalid instruction error". I compiled it into assembly
> code, and the first few lines of 'foo' look like this:
>
> foo:
>     pushl %ebp
>     movl %esp, %ebp
>     subl $40, %esp
>
> This confirms that the stack frame for "foo" has allocated 40 bytes for
> the string t.
> I wanted to test the "buffer overflow bug", and tried to overwrite the
> return address of foo, which, as far as I know, should be 48 bytes from
> t. However, this does not seem to be the case, as the overwriting runs
> fine, and the program returns as if nothing happens.
>
> My questions are:
> 1. Why were 40 bytes allocated on the stack?
> 2. Is it true the old frame pointer and the return address are right
> after those 40 bytes?
>
> Thanks a lot in advance for any hint,
> ASM
Hi!
First, the allocated space will always be more than 20 bytes, because it
is used not only for local variables. It is used for saving registers, the
return address from the subroutine, the address of the previous stack
frame etc., depending on your platform.
See "C function calling conventions" for your compiler.
By coincidence, it takes the same length (40 bytes).
Second, if that is the only piece of allocation code in your function
(the one you provided in assembler), it should be the stack space for
everything, including the frame pointer, the return address, saved
registers etc.
Regards
Michael