low-level question

 
 
jesso
      08-30-2005
I couldn't get this on a midterm. Darn!

Anyone want to help?

1. Why does the following program output a 0?
2. Explain in detail.
3. How could you prevent this outcome without changing the code?


#include <stdio.h>
#include <string.h>

int
main( int argc, char *argv[] )
{
    int ii = 1;
    char buf[ 4 ];

    strcpy( buf, "AAAA" );

    printf( "%d\n", ii );

    return 0;
}

 
Lew Pitcher
      08-30-2005

jesso wrote:
> I couldn't get this on a midterm. Darn!
>
> Anyone want to help?
>
> 1. Why does the following program output a 0?


The program does not /necessarily/ output a 0. The program invokes
undefined behaviour, and /any/ output (or lack of output) is valid.

> 2. Explain in detail.


buf is defined as an array of 4 characters (char buf[4]).
However, the program uses the standard function strcpy() to modify the
contents of this array. The string given to strcpy() to copy into buf
consists of 4 characters, /plus/ a string-termination character of \0.

When strcpy() copies the initialization string into buf, it will copy 4
characters (which will fit into buf, as buf is defined as a 4 character
array), and will terminate the copied string with a \0 character. This
terminating character will not fit within the confines of buf (which is
already full), and will be written to some other area of memory.

Assuming specific environmental and compiler characteristics, this \0
character /may/ be written in such a manner as to overwrite the
significant bits of the ii variable, setting ii to 0.

*However*, there is no guarantee that this can happen. It would require
- ii to start /immediately/ after buf in memory, and
- ii to be stored as a 'little-endian' binary value

There is no guarantee, from the code and details provided, that the
compiler will
- align ii to a 4-byte boundary,
- order ii to /follow/ buf in memory, or
- store int values as little-endian binary numbers

> 3. How could you prevent this outcome without changing the code?


Don't run the program.

>
> #include <stdio.h>
> #include <string.h>
>
> int
> main( int argc, char *argv[] )
> {
> int ii = 1;
> char buf[ 4 ];
>
> strcpy( buf, "AAAA" );
>
> printf( "%d\n", ii );
>
> return 0;
> }
>



--

Lew Pitcher, IT Specialist, Enterprise Data Systems
Enterprise Technology Solutions, TD Bank Financial Group

(Opinions expressed here are my own, not my employer's)
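
The two conditions listed in the reply above, worked through as an added example that is not part of the original thread. The frame is modelled as a byte array with buf at bytes 0..3 (an assumption; a real compiler may lay out buf and ii differently), and the hypothetical helper ii_after_copy() returns what ii reads as after the 5-byte copy for a given offset and byte order.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum byte_order { LITTLE_ENDIAN_INT, BIG_ENDIAN_INT };

/* Bit position of byte i of a 32-bit value in the given byte order. */
static int shift_of(int i, enum byte_order order)
{
    return (order == LITTLE_ENDIAN_INT) ? 8 * i : 8 * (3 - i);
}

/*
 * Constructed model of the stack frame as a byte array: buf occupies
 * bytes 0..3 and ii starts at ii_offset (an assumption about layout).
 * The 5-byte copy stays inside frame[], so this model itself has
 * defined behaviour on every platform.
 */
uint32_t ii_after_copy(size_t ii_offset, enum byte_order order)
{
    unsigned char frame[16] = {0};
    static const char src[] = "AAAA";   /* 4 letters + '\0' = 5 bytes */
    uint32_t ii = 0;

    if (ii_offset < 4 || ii_offset > sizeof frame - 4)
        return UINT32_MAX;              /* layout outside the model */

    for (int i = 0; i < 4; i++)         /* int ii = 1; */
        frame[ii_offset + i] = (unsigned char)(1u >> shift_of(i, order));

    memcpy(frame, src, sizeof src);     /* bytes strcpy(buf, "AAAA") writes */

    for (int i = 0; i < 4; i++)         /* read ii back, as printf would */
        ii |= (uint32_t)frame[ii_offset + i] << shift_of(i, order);
    return ii;
}

int main(void)
{
    printf("adjacent, little-endian: %u\n", (unsigned)ii_after_copy(4, LITTLE_ENDIAN_INT));
    printf("adjacent, big-endian:    %u\n", (unsigned)ii_after_copy(4, BIG_ENDIAN_INT));
    printf("4-byte gap, little-end.: %u\n", (unsigned)ii_after_copy(8, LITTLE_ENDIAN_INT));
    return 0;
}
```

Only the adjacent, little-endian layout turns ii into 0; in the other two the stray '\0' lands on a byte that is already zero or on unused space.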

Zara
      08-30-2005
jesso wrote:
> char buf[ 4 ];
>
> strcpy( buf, "AAAA" );

Here, you are copying 5 bytes into a 4-byte space (remember the terminating
null byte). So, you may have *any* unexpected behaviour. For instance,
printing a zero. But it could have been an exception, a segment
violation, or your computer connecting to some web porn site.

 
Robert Gamble
      08-30-2005
jesso wrote:
> I couldn't get this on a midterm. Darn!
>
> Anyone want to help?
>
> 1. Why does the following program output a 0?
> 2. Explain in detail.
> 3. How could you prevent this outcome without changing the code?
>
>
> #include <stdio.h>
> #include <string.h>
>
> int
> main( int argc, char *argv[] )
> {
> int ii = 1;
> char buf[ 4 ];
>
> strcpy( buf, "AAAA" );
>
> printf( "%d\n", ii );
>
> return 0;
> }


It is undefined behavior in C because you are writing past the end of
an array ("AAAA" is 5 characters, buf is 4). Since it is undefined
behavior, anything can happen. There might be certain behaviors that
are more likely to occur than others due to nuances of your specific
platform but I can't think of anything plausible that would account for
the behavior suggested by the question.

If ii was char then it might be plausible for ii to be located
immediately following the space allocated for buf in which case the
'\0' at the end of the string being copied may be written to ii making
its value 0. This is still undefined behavior according to the
Standard though and would be completely implementation dependent.

Is this for a general C class or a compiler construction/assembly/etc
class?

Robert Gamble

 
Gordon Burditt
      08-30-2005
>I couldn't get this on a midterm. Darn!
>
>Anyone want to help?
>
>1. Why does the following program output a 0?


Who says it does? The standard certainly doesn't require it.

>2. Explain in detail.


There are no guarantees that if you overflow an array, it will overflow
into the variable declared immediately after it. (On some linkers,
it will overflow into the variable *alphabetically* after it, given
that they're both auto variables in the same function.) There are also
no guarantees that this code is running on an endian machine.

>3. How could you prevent this outcome without changing the code?


Don't run it? Run on a non-endian machine? Kill the author
of the code?

>
>
>#include <stdio.h>
>#include <string.h>
>
>int
>main( int argc, char *argv[] )
>{
> int ii = 1;
> char buf[ 4 ];
>
> strcpy( buf, "AAAA" );
>
> printf( "%d\n", ii );
>
> return 0;
>}
>



 
jesso
      08-30-2005
I had this question years ago on a midterm and just saw it on a job
posting.

The company said if you answer the question intelligently then you will
get an interview.

I am not applying, but was curious about what the answers were.

It is undefined behaviour. By saying "Why does the following program
output a 0?", it must be a trick.

 
jesso
      08-30-2005
From the ad:

Still I wonder what they are looking for with:
"How could you prevent this outcome without changing the code?"

This is an
"
ASM/C Developer/Analyst - Linux platform

Developer/analyst with strong skills in assembler and C on Linux.
"

=============

QUIZ QUESTION:

If you can answer this question intelligently, you are guaranteed an
interview (please remember to attach your resume):

Why does the following program output a 0? Explain in detail. How
could you prevent this outcome without changing the code?

#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[])
{
    int i = 1;
    char buf[4];
    strcpy(buf, "AAAA");
    printf("%d\n", i);
    return 0;
}

 
Mark McIntyre
      08-30-2005
On 30 Aug 2005 06:46:57 -0700, in comp.lang.c , "jesso"
<(E-Mail Removed)> wrote:

> Why does the following program output a 0?


Because of how that particular compiler or OS or hardware implements
undefined behaviour, viz. writing off the end of an array.

>Explain in detail.


This isn't a C question, it's a hardware / OS / compiler question.

>How could you prevent this outcome without changing the code?


Run on different hw/sw which handles the UB differently.
Compile with special "don't allow UB" options.
Don't run the app at all - it has a serious bug.

--
Mark McIntyre
CLC FAQ <http://www.eskimo.com/~scs/C-faq/top.html>
CLC readme: <http://www.ungerhu.com/jxh/clc.welcome.txt>

Martin Ambuhl
      08-30-2005
jesso wrote:
> I couldn't get this on a midterm. Darn!
>
> Anyone want to help?
>
> 1. Why does the following program output a 0?


It is an accident. It could return anything. Buffer overflows don't
result in well-defined behavior.

> 2. Explain in detail.


See above.

> 3. How could you prevent this outcome without changing the code?


You can't fix code without changing it. What are you smoking? A
minimum change to the code (not allowed by the conditions) is to declare
char buf[5]; /* Those spaces around '4' seem to be a clue. */

[broken code follows]


> #include <stdio.h>
> #include <string.h>
>
> int
> main( int argc, char *argv[] )
> {
> int ii = 1;
> char buf[ 4 ];
>
> strcpy( buf, "AAAA" );
>
> printf( "%d\n", ii );
>
> return 0;
> }
>

 
tedu
      08-30-2005
jesso wrote:

> 3. How could you prevent this outcome without changing the code?


compile with -Dii="a = 1, b"

 