
why dosent buffer gets overflowed

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

void func(char *p)
{
char i[5];
strcpy(i, p);
}

int main(int argc, char **argv)
{

func("AAAAAAAAAA"); // i have supplied 2 X 5 char to it
system("pause");
return 0;
}

Aug 22 '08 #1
raashid bhatt said:

> #include <stdio.h>
> #include <string.h>
> #include <stdlib.h>
>
> void func(char *p)
> {
> char i[5];
> strcpy(i, p);

Subject line: "why dosent buffer gets overflowed"

What makes you think the buffer isn't being overflowed?

> }
>
> int main(int argc, char **argv)
> {
>
> func("AAAAAAAAAA"); // i have supplied 2 X 5 char to it

Then you're trying to store more data in the array than it has room for,
and you don't provide any safeguards against that, so you're overflowing
that buffer, and the result is that the program exhibits undefined
behaviour - i.e. the rules of C don't tell you what will happen.

--
Richard Heathfield <http://www.cpax.org.uk>
Email: -http://www. +rjh@
Google users: <http://www.cpax.org.uk/prg/writings/googly.php>
"Usenet is a strange place" - dmr 29 July 1999
Aug 22 '08 #2
On Aug 21, 10:45 pm, Richard Heathfield <r...@see.sig.invalid> wrote:
> raashid bhatt said:
>> #include <stdio.h>
>> #include <string.h>
>> #include <stdlib.h>
>> void func(char *p)
>> {
>> char i[5];
>> strcpy(i, p);
>
> Subject line: "why dosent buffer gets overflowed"
>
> What makes you think the buffer isn't being overflowed?
>
>> }
>> int main(int argc, char **argv)
>> {
>> func("AAAAAAAAAA"); // i have supplied 2 X 5 char to it
>
> Then you're trying to store more data in the array than it has room for,
> and you don't provide any safeguards against that, so you're overflowing
> that buffer, and the result is that the program exhibits undefined
> behaviour - i.e. the rules of C don't tell you what will happen.
>
> --
> Richard Heathfield <http://www.cpax.org.uk>
> Email: -http://www. +rjh@
> Google users: <http://www.cpax.org.uk/prg/writings/googly.php>
> "Usenet is a strange place" - dmr 29 July 1999

I am using a debugger to track EIP but this program exits normally.
Aug 22 '08 #3
raashid bhatt said:

> On Aug 21, 10:45 pm, Richard Heathfield <r...@see.sig.invalid> wrote:
>> raashid bhatt said:
>>> #include <stdio.h>
>>> #include <string.h>
>>> #include <stdlib.h>
>>> void func(char *p)
>>> {
>>> char i[5];
>>> strcpy(i, p);
>>
>> Subject line: "why dosent buffer gets overflowed"
>>
>> What makes you think the buffer isn't being overflowed?
>>
>>> }
>>> int main(int argc, char **argv)
>>> {
>>> func("AAAAAAAAAA"); // i have supplied 2 X 5 char to it
>>
>> Then you're trying to store more data in the array than it has room for,
>> and you don't provide any safeguards against that, so you're overflowing
>> that buffer, and the result is that the program exhibits undefined
>> behaviour - i.e. the rules of C don't tell you what will happen.
>
> I am using a debugger to track EIP but this program exits normally.

Fine. That's one legal outcome of undefined behaviour caused by overflowing
a buffer. There's nothing in the rules that says the program must crash.

--
Richard Heathfield <http://www.cpax.org.uk>
Email: -http://www. +rjh@
Google users: <http://www.cpax.org.uk/prg/writings/googly.php>
"Usenet is a strange place" - dmr 29 July 1999
Aug 22 '08 #4
raashid bhatt <ra**********@gmail.com> wrote:
> On Aug 21, 10:45 pm, Richard Heathfield <r...@see.sig.invalid> wrote:
>> raashid bhatt said:
>>> #include <stdio.h>
>>> #include <string.h>
>>> #include <stdlib.h>
>>> void func(char *p)
>>> {
>>> char i[5];
>>> strcpy(i, p);
>> Subject line: "why dosent buffer gets overflowed"
>>
>> What makes you think the buffer isn't being overflowed?
>>> }
>>> int main(int argc, char **argv)
>>> {
>>> func("AAAAAAAAAA"); // i have supplied 2 X 5 char to it

You actually supply 11 characters here, don't forget about the
trailing '\0' character!

>> Then you're trying to store more data in the array than it has room for,
>> and you don't provide any safeguards against that, so you're overflowing
>> that buffer, and the result is that the program exhibits undefined
>> behaviour - i.e. the rules of C don't tell you what will happen.
> I am using a debugger to track EIP but this program exits normally.

Looks as if you have read that using a buffer overrun it's possible
to change the flow of control of a program. But it's luckily not
that simple - you need to understand rather well how things work on
a certain architecture to write a program that exploits a buffer
overrun to achieve that effect (if it's possible at all and which
then only works on the target architecture). In general you can't
predict what happens as the result of a buffer overrun, at least
as far as the guarantees the C language makes go, it's just undefined
behaviour as Richard pointed out, so it would also be an allowed
result that running the program sets your computer on fire.

Just for fun try to replace your function func() with this:

void func( char *p )
{
    int i = 0;
    char buf[ 5 ];   /* the array needs its own name: 'int i' and 'char i[5]' can't both exist in one scope */
    int j = 0;

    printf( "Before strcpy(): i = %d, j = %d\n", i, j );
    strcpy( buf, p );
    printf( "After strcpy(): i = %d, j = %d\n", i, j );
}

It may or may not print out different values for i or j. But if
it does that doesn't mean that it will do the same on a different
machine.

Regards, Jens
--
 \ Jens Thoms Toerring ___ jt@toerring.de
  \__________________________ http://toerring.de
Aug 22 '08 #5
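Jens's count (11 bytes for a 10-character string, because strcpy() copies the terminating '\0' as well) and Richard's remark that func() provides no safeguard are the whole defect. The following is an added example, not code from the thread: the same copy as func() in the original post, with the size check strcpy() lacks, in a rejecting form and a truncating form. The names bytes_needed(), bounded_copy(), truncating_copy() and func_checked() are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not from the thread. The function names below are
 * this example's own; the buffer size 5 matches i[5] in the original post. */

/* Bytes strcpy() will actually write: the characters plus the '\0'.
 * "AAAAAAAAAA" is 10 characters, so strcpy() writes 11 bytes into a
 * 5-byte array, i.e. 6 bytes past its end. */
size_t bytes_needed(const char *src)
{
    return strlen(src) + 1;
}

/* Rejecting copy: returns 1 and copies if the whole string, '\0' included,
 * fits in dst[dstsz]; otherwise returns 0 and leaves dst an empty string.
 * Nothing is ever written past dst[dstsz - 1]. */
int bounded_copy(char *dst, size_t dstsz, const char *src)
{
    size_t need;

    if (dstsz == 0)
        return 0;
    need = bytes_needed(src);
    if (need > dstsz) {
        dst[0] = '\0';
        return 0;
    }
    memcpy(dst, src, need);
    return 1;
}

/* Truncating copy: keeps the first dstsz-1 characters and always terminates.
 * Returns the number of characters kept. Truncation is silent, so a caller
 * that must not lose data should use bounded_copy() and act on its result. */
size_t truncating_copy(char *dst, size_t dstsz, const char *src)
{
    size_t n;

    if (dstsz == 0)
        return 0;
    n = strlen(src);
    if (n >= dstsz)
        n = dstsz - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* func() from the original post with the check in place: reports whether
 * the argument fit instead of overrunning i[]. */
int func_checked(const char *p)
{
    char i[5];
    return bounded_copy(i, sizeof i, p);
}

int main(void)
{
    char buf[5];

    printf("\"AAAAAAAAAA\" needs %zu bytes, the buffer holds %zu\n",
           bytes_needed("AAAAAAAAAA"), sizeof buf);
    printf("bounded_copy fit: %d (buf=\"%s\")\n",
           bounded_copy(buf, sizeof buf, "AAAAAAAAAA"), buf);
    printf("truncating_copy kept %zu chars (buf=\"%s\")\n",
           truncating_copy(buf, sizeof buf, "AAAAAAAAAA"), buf);
    return 0;
}
```

Which form to use depends on the data: truncation is acceptable for a display string, while anything that is later parsed or compared should go through the rejecting form so an oversized input is visible to the caller rather than silently shortened.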

I think we've had this discussion enough on
other threads, but gets() is always a potential
source of buffer overflow. ;)

--
William Pursell
Aug 22 '08 #6
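William's point is that gets() is never told how big the buffer is, so any line longer than expected overruns it exactly the way the strcpy() in the original post does. As an added example that is not code from the thread, here is the usual replacement, fgets() with the buffer size, plus the part callers tend to forget: when a line is longer than the buffer, fgets() stops early and the tail of the line is still waiting in the stream. The function name read_line() and its return convention are this example's own; the demo reads from a temporary file created with tmpfile() instead of stdin so it runs unattended.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not from the thread. read_line() replaces gets() and
 * reports what happened instead of overrunning the buffer:
 *    1  a complete line was read (trailing newline removed)
 *    0  the line was longer than the buffer; buf holds its first part and
 *       the rest of the line has been discarded
 *   -1  end of file, read error, or a buffer too small to hold a character
 */
int read_line(char *buf, size_t bufsz, FILE *fp)
{
    size_t len;
    int c;

    if (bufsz < 2 || fgets(buf, (int)bufsz, fp) == NULL)
        return -1;

    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* complete line: drop the newline */
        return 1;
    }

    /* No newline: either the buffer filled up or the file ended without one.
     * Peek at the next character to tell the two apart. */
    c = getc(fp);
    if (c == EOF || c == '\n')
        return 1;                       /* line fit exactly, or last line of the file */

    /* Over-long line: discard up to the newline so the next call starts on a
     * fresh line rather than on the leftover tail of this one. */
    while ((c = getc(fp)) != EOF && c != '\n')
        ;
    return 0;
}

/* Stand-alone demo over constructed input written to a temporary file. */
int main(void)
{
    char buf[8];                        /* deliberately small, like i[5] in the post */
    int rc;
    FILE *fp = tmpfile();

    if (fp == NULL)
        return 1;
    fputs("short\nthis line is far too long for an 8-byte buffer\nlast", fp);
    rewind(fp);
    while ((rc = read_line(buf, sizeof buf, fp)) != -1)
        printf("%s: \"%s\"\n", rc == 1 ? "complete " : "truncated", buf);
    fclose(fp);
    return 0;
}
```

The return value is the point: a caller that needs the whole line can treat 0 as an error, while one that only needs a prefix can accept it, and in neither case does a long line reach the bytes after the buffer.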
raashid bhatt wrote:
> On Aug 21, 10:45 pm, Richard Heathfield <r...@see.sig.invalid> wrote:
>> raashid bhatt said:
>>> #include <stdio.h>
>>> #include <string.h>
>>> #include <stdlib.h>
>>> void func(char *p)
>>> {
>>> char i[5];
>>> strcpy(i, p);
>> Subject line: "why dosent buffer gets overflowed"
>>
>> What makes you think the buffer isn't being overflowed?
....
> I am using a debugger to track EIP but this program exits normally.

So, why does that make you think that the buffer isn't being overflowed?
Aug 22 '08 #7
On Aug 22, 3:31 am, James Kuyper <jameskuy...@verizon.net> wrote:
> raashid bhatt wrote:
>> On Aug 21, 10:45 pm, Richard Heathfield <r...@see.sig.invalid> wrote:
>>> raashid bhatt said:
>>>> #include <stdio.h>
>>>> #include <string.h>
>>>> #include <stdlib.h>
>>>> void func(char *p)
>>>> {
>>>> char i[5];
>>>> strcpy(i, p);
>>> Subject line: "why dosent buffer gets overflowed"
>>> What makes you think the buffer isn't being overflowed?
> ...
>> I am using a debugger to track EIP but this program exits normally.
>
> So, why does that make you think that the buffer isn't being overflowed?

I mean if the buffer gets overflowed then EIP should contain my A's, and
as per the definition of EIP (pointer to code), an EIP which contains A's
should cause the program to crash.
Aug 22 '08 #8
raashid bhatt said:

> On Aug 22, 3:31 am, James Kuyper <jameskuy...@verizon.net> wrote:
>> raashid bhatt wrote:
>>> On Aug 21, 10:45 pm, Richard Heathfield <r...@see.sig.invalid> wrote:
<snip>
>>>>
>>>> What makes you think the buffer isn't being overflowed?
>> ...
>>> I am using a debugger to track EIP but this program exits normally.
>>
>> So, why does that make you think that the buffer isn't being overflowed?
>
> I mean if the buffer gets overflowed then EIP should contain my A's, and
> as per the definition of EIP (pointer to code), an EIP which contains A's
> should cause the program to crash.

Wrong. If the buffer is overflowed, then the C Standard imposes NO
REQUIREMENTS on what should happen - that's what "undefined behaviour"
means. The "it should do this" behaviour you describe is one possibility,
but only one among infinitely many. The program is *not* required to
behave as you expect. What happens is outside the control of the C
language. Your implementation can do anything it likes.

--
Richard Heathfield <http://www.cpax.org.uk>
Email: -http://www. +rjh@
Google users: <http://www.cpax.org.uk/prg/writings/googly.php>
"Usenet is a strange place" - dmr 29 July 1999
Aug 22 '08 #9
raashid bhatt wrote:
> On Aug 22, 3:31 am, James Kuyper <jameskuy...@verizon.net> wrote:
>> raashid bhatt wrote:
>>> On Aug 21, 10:45 pm, Richard Heathfield <r...@see.sig.invalid>
>>> wrote:
>>>> raashid bhatt said:
>>>>> #include <stdio.h>
>>>>> #include <string.h>
>>>>> #include <stdlib.h>
>>>>> void func(char *p)
>>>>> {
>>>>> char i[5];
>>>>> strcpy(i, p);
>>>> Subject line: "why dosent buffer gets overflowed"
>>>> What makes you think the buffer isn't being overflowed?
>> ...
>>> I am using a debugger to track EIP but this program exits
>>> normally.
>>
>> So, why does that make you think that the buffer isn't being
>> overflowed?
>
> I mean if the buffer gets overflowed then EIP should contain my A's, and

EIP is a register, it's unlikely to be full of As (or 0x41s).

> as per the definition of EIP (pointer to code), an EIP which contains A's
> should cause the program to crash.

Since you have a debugger you might like to investigate exactly where those
extra 5 As end up, if anywhere, and what that memory would otherwise have
been used for. Then you can find out why your program doesn't crash.

--
Bartc

Aug 22 '08 #10
In article <df**********************************@t1g2000pra.googlegroups.com>,
raashid bhatt <ra**********@gmail.com> wrote:
> I mean if the buffer gets overflowed then EIP should contain my A's

Why do you think that? When the buffer overflows, the characters
will go into whatever happens to follow the buffer. That may not be
anything important.

-- Richard
--
Please remember to mention me / in tapes you leave behind.
Aug 22 '08 #11
On Aug 22, 5:32 pm, rich...@cogsci.ed.ac.uk (Richard Tobin) wrote:
> In article <df3ca2a0-4ad4-4e5e-84d4-5646a9069...@t1g2000pra.googlegroups.com>,
> raashid bhatt <raashidbh...@gmail.com> wrote:
>> I mean if the buffer gets overflowed then EIP should contain my A's
>
> Why do you think that? When the buffer overflows, the characters
> will go into whatever happens to follow the buffer. That may not be
> anything important.

They don't need to. When the buffer "overflows", what really happens
is that undefined behavior is invoked. Once that happens, that's it.
You can't predict the behavior.
Aug 23 '08 #12
In article <ea**********************************@w7g2000hsa.googlegroups.com>,
<vi******@gmail.com> wrote:
> On Aug 22, 5:32 pm, rich...@cogsci.ed.ac.uk (Richard Tobin) wrote:
>> In article <df3ca2a0-4ad4-4e5e-84d4-5646a9069...@t1g2000pra.googlegroups.com>,
>> raashid bhatt <raashidbh...@gmail.com> wrote:
>>> I mean if the buffer gets overflowed then EIP should contain my A's
>>
>> Why do you think that? When the buffer overflows, the characters
>> will go into whatever happens to follow the buffer. That may not be
>> anything important.
>
> They don't need to. When the buffer "overflows", what really happens
> is that undefined behavior is invoked. Once that happens, that's it.
> You can't predict the behavior.

While this is true in the totally artificial CLC/C-Standard sense, it is
not true in the real world.

HTH - no thanks necessary for this obvious correction to your otherwise
sterling post.

Aug 23 '08 #13
In article <ea**********************************@w7g2000hsa.googlegroups.com>,
<vi******@gmail.com> wrote:
>>> I mean if the buffer gets overflowed then EIP should contain my A's
>> Why do you think that? When the buffer overflows, the characters
>> will go into whatever happens to follow the buffer. That may not be
>> anything important.
> They don't need to. When the buffer "overflows", what really happens
> is that undefined behavior is invoked. Once that happens, that's it.

Child: [tries to stick his finger in an electric socket]
Parent: Don't do that, it violates safety regulation EIC/3/981b.
Onlooker: The electricity might kill you. Even if it doesn't
this time, it might next time.
Parent: That's not required. What really happens is that you
violate safety regulation EIC/3/981b.

-- Richard
--
Please remember to mention me / in tapes you leave behind.
Aug 23 '08 #14

"raashid bhatt" <ra**********@gmail.com> wrote in message
news:df**********************************@t1g2000pra.googlegroups.com...
> On Aug 22, 3:31 am, James Kuyper <jameskuy...@verizon.net> wrote:
>> raashid bhatt wrote:
>>> On Aug 21, 10:45 pm, Richard Heathfield <r...@see.sig.invalid> wrote:
>>>> raashid bhatt said:
>>>>> #include <stdio.h>
>>>>> #include <string.h>
>>>>> #include <stdlib.h>
>>>>> void func(char *p)
>>>>> {
>>>>> char i[5];
>>>>> strcpy(i, p);
>>>> Subject line: "why dosent buffer gets overflowed"
<snip>
> I mean if the buffer gets overflowed then EIP should contain my A's, and
> as per the definition of EIP (pointer to code), an EIP which contains A's
> should cause the program to crash.

however...

you need to keep track of the memory layout as well, and although on x86
(implied by reference to EIP) the buffer may overflow and trash the return
address, one needs to take into account certain things, like exactly how
much is on the stack, how the compiler has organized it, ...

now, as it so happens, you may well have only partially overwritten EBP
here, which will not change the return address, but it may (depending on
compiler and settings) crash if you try to use local variables...
of course, since these kinds of things usually have nefarious uses, I will
refrain from describing the details too much further...

Aug 26 '08 #15

"William Pursell" <bi**********@gmail.com> wrote in message
news:f3**********************************@x41g2000hsb.googlegroups.com...
>
> I think we've had this discussion enough on
> other threads, but gets() is always a potential
> source of buffer overflow. ;)

or, alternatively:
"I wants it bigger buffer";
"why I take this it not gets bigger";
he takes more, and then overflows just prior to crashing...

> --
> William Pursell

Aug 26 '08 #16
