why dosent buffer gets overflowed

 
 
raashid bhatt
      08-22-2008
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* Copies p into a 5-byte local array with no bounds check:
   anything longer than 4 characters plus '\0' overruns i. */
void func(char *p)
{
    char i[5];
    strcpy(i, p);
}

int main(int argc, char **argv)
{
    func("AAAAAAAAAA"); // i have supplied 2 X 5 char to it
    system("pause");    /* Windows-only: keeps the console open */
    return 0;
}

 
raashid bhatt
      08-22-2008
On Aug 21, 10:45 pm, Richard Heathfield <(E-Mail Removed)> wrote:
> raashid bhatt said:
>
> > #include <stdio.h>
> > #include <string.h>
> > #include <stdlib.h>

>
> > void func(char *p)
> > {
> > char i[5];
> > strcpy(i, p);

>
> Subject line: "why dosent buffer gets overflowed"
>
> What makes you think the buffer isn't being overflowed?
>
> > }

>
> > int main(int argc, char **argv)
> > {

>
> > func("AAAAAAAAAA"); // i have supplied 2 X 5 char to it

>
> Then you're trying to store more data in the array than it has room for,
> and you don't provide any safeguards against that, so you're overflowing
> that buffer, and the result is that the program exhibits undefined
> behaviour - i.e. the rules of C don't tell you what will happen.
>
> --
> Richard Heathfield <http://www.cpax.org.uk>
> Email: -http://www. +rjh@
> Google users: <http://www.cpax.org.uk/prg/writings/googly.php>
> "Usenet is a strange place" - dmr 29 July 1999


I am using a debugger to track EIP, but this program exits normally.
 
Jens Thoms Toerring
      08-22-2008
raashid bhatt <(E-Mail Removed)> wrote:
> On Aug 21, 10:45 pm, Richard Heathfield <(E-Mail Removed)> wrote:
> > raashid bhatt said:
> >
> > > #include <stdio.h>
> > > #include <string.h>
> > > #include <stdlib.h>

> >
> > > void func(char *p)
> > > {
> > > char i[5];
> > > strcpy(i, p);

> >
> > Subject line: "why dosent buffer gets overflowed"
> >
> > What makes you think the buffer isn't being overflowed?
> >
> > > }

> >
> > > int main(int argc, char **argv)
> > > {

> >
> > > func("AAAAAAAAAA"); // i have supplied 2 X 5 char to it


You actually supply 11 characters here, don't forget about the
trailing '\0' character!

> > Then you're trying to store more data in the array than it has room for,
> > and you don't provide any safeguards against that, so you're overflowing
> > that buffer, and the result is that the program exhibits undefined
> > behaviour - i.e. the rules of C don't tell you what will happen.


> I am using a debugger to track EIP, but this program exits normally.


Looks as if you have read that using a buffer overrun it's possible
to change the flow of control of a program. But it's luckily not
that simple - you need to understand rather well how things work on
a certain architecture to write a program that exploits a buffer
overrun to achieve that effect (if it's possible at all, and it
then only works on the target architecture). In general you can't
predict what happens as the result of a buffer overrun, at least
as far as the guarantees the C language makes go; it's just undefined
behaviour, as Richard pointed out, so it would also be an allowed
result that running the program sets your computer on fire.

Just for fun try to replace your function func() with this:

void func( char *p )
{
    int i = 0;          /* one int on each side of the array, so we   */
    char buf[ 5 ];      /* can see whether the spilled bytes land in  */
    int j = 0;          /* either of them                             */

    printf( "Before strcpy(): i = %d, j = %d\n", i, j );
    strcpy( buf, p );   /* unchecked copy, as in the original func()  */
    printf( "After strcpy(): i = %d, j = %d\n", i, j );
}

It may or may not print out different values for i or j. But if
it does that doesn't mean that it will do the same on a different
machine.
Regards, Jens
--
\ Jens Thoms Toerring ___ (E-Mail Removed)
\__________________________ http://toerring.de
 
James Kuyper
      08-22-2008
raashid bhatt wrote:
> On Aug 21, 10:45 pm, Richard Heathfield <(E-Mail Removed)> wrote:
>> raashid bhatt said:
>>
>>> #include <stdio.h>
>>> #include <string.h>
>>> #include <stdlib.h>
>>> void func(char *p)
>>> {
>>> char i[5];
>>> strcpy(i, p);

>> Subject line: "why dosent buffer gets overflowed"
>>
>> What makes you think the buffer isn't being overflowed?

....
> I am using a debugger to track EIP, but this program exits normally.


So, why does that make you think that the buffer isn't being overflowed?
 
raashid bhatt
      08-22-2008
On Aug 22, 3:31 am, James Kuyper <(E-Mail Removed)> wrote:
> raashid bhatt wrote:
> > On Aug 21, 10:45 pm, Richard Heathfield <(E-Mail Removed)> wrote:
> >> raashid bhatt said:

>
> >>> #include <stdio.h>
> >>> #include <string.h>
> >>> #include <stdlib.h>
> >>> void func(char *p)
> >>> {
> >>> char i[5];
> >>> strcpy(i, p);
> >> Subject line: "why dosent buffer gets overflowed"

>
> >> What makes you think the buffer isn't being overflowed?

> ...
> > I am using a debugger to track EIP, but this program exits normally.

>
> So, why does that make you think that the buffer isn't being overflowed?


I mean, if the buffer gets overflowed then EIP should contain my A's, and
as per the definition of EIP (pointer to code), one which contains A's
should cause the program to crash.
 
Bartc
      08-22-2008
raashid bhatt wrote:
> On Aug 22, 3:31 am, James Kuyper <(E-Mail Removed)> wrote:
>> raashid bhatt wrote:
>>> On Aug 21, 10:45 pm, Richard Heathfield <(E-Mail Removed)>
>>> wrote:
>>>> raashid bhatt said:

>>
>>>>> #include <stdio.h>
>>>>> #include <string.h>
>>>>> #include <stdlib.h>
>>>>> void func(char *p)
>>>>> {
>>>>> char i[5];
>>>>> strcpy(i, p);
>>>> Subject line: "why dosent buffer gets overflowed"

>>
>>>> What makes you think the buffer isn't being overflowed?

>> ...
>>> I am using a debugger to track EIP, but this program exits
>>> normally.

>>
>> So, why does that make you think that the buffer isn't being
>> overflowed?

>
> I mean, if the buffer gets overflowed then EIP should contain my A's, and


EIP is a register, it's unlikely to be full of As (or 0x41s).

> as per the definition of EIP (pointer to code), one which contains A's
> should cause the program to crash.


Since you have a debugger you might like to investigate exactly where those
extra 5 As end up, if anywhere, and what that memory would otherwise have
been used for. Then you can find out why your program doesn't crash.

--
Bartc

 
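An added example, not code from any of the posters, that makes Jens's experiment and Bartc's suggestion concrete. The 5-byte buffer is carved out of the front of a 13-byte region the program owns, and the 8 bytes behind it are filled with a marker value, so the bytes that the unchecked copy spills ("AAAAAAAAAA" is ten A's plus the terminating '\0', eleven bytes in all, so six of them go past the buffer) land somewhere we can inspect instead of in whatever the compiler happened to place after a stack array. Everything here is well-defined C, since every write stays inside `region`. The function names, the sizes and the 0xEE marker are choices made for this example only.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not code from the thread.  The sizes, the names and the
 * 0xEE marker are assumptions made for the demonstration. */

enum { BUF_SIZE = 5, NEIGHBOR_SIZE = 8, FILLER = 0xEE };

/* Repeats the post's unchecked copy, but into a 5-byte slot at the front
 * of a region we own, with a marker-filled "neighbor" right behind it.
 * Returns how many neighbor bytes the copy clobbered, or -1 if src would
 * not even fit the whole region (so the demo itself never writes out of
 * bounds).  When `out` is non-NULL the post-copy neighbor bytes are
 * copied there for inspection. */
int overflow_into_neighbor(const char *src, unsigned char out[NEIGHBOR_SIZE])
{
    unsigned char region[BUF_SIZE + NEIGHBOR_SIZE];
    memset(region, FILLER, sizeof region);

    if (strlen(src) + 1 > sizeof region)
        return -1;
    strcpy((char *)region, src);   /* the post's strcpy(i, p): nothing stops it at byte 5 */

    int changed = 0;
    for (int k = 0; k < NEIGHBOR_SIZE; k++) {
        if (region[BUF_SIZE + k] != FILLER)
            changed++;
        if (out)
            out[k] = region[BUF_SIZE + k];
    }
    return changed;
}

/* The check the post's func() is missing: copy only if src together with
 * its '\0' fits in dst.  Returns 0 on success; -1 (and dst = "") if not. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return -1;
    size_t len = strlen(src);
    if (len >= dst_size) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

int main(void)
{
    const char *input = "AAAAAAAAAA";   /* the post's input: ten A's plus '\0' */
    unsigned char nb[NEIGHBOR_SIZE];
    int n = overflow_into_neighbor(input, nb);

    printf("%d of the %d neighbor bytes were overwritten:", n, NEIGHBOR_SIZE);
    for (int k = 0; k < NEIGHBOR_SIZE; k++)
        printf(" %02x", nb[k]);
    printf("\n");

    char i[BUF_SIZE];
    if (copy_checked(i, sizeof i, input) != 0)
        printf("copy_checked refused: %zu bytes do not fit in %zu\n",
               strlen(input) + 1, sizeof i);
    return 0;
}
```

The neighbor comes out as five 0x41 bytes, one 0x00 and two untouched 0xEE bytes: the six spilled bytes did land somewhere, just in memory that belonged to us. On a real stack frame those same six bytes may fall into alignment padding or into a variable that is never read again, which is consistent with the original program exiting normally and EIP never taking on 0x41414141; a debugger watching EIP alone will not show an overflow like that. copy_checked is the replacement the original func() needs: it fails loudly instead of writing past the array.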
Richard Tobin
      08-22-2008
In article <(E-Mail Removed)>,
raashid bhatt <(E-Mail Removed)> wrote:

>I mean, if the buffer gets overflowed then EIP should contain my A's


Why do you think that? When the buffer overflows, the characters
will go into whatever happens to follow the buffer. That may not be
anything important.

-- Richard
--
Please remember to mention me / in tapes you leave behind.
 
vippstar@gmail.com
      08-23-2008
On Aug 22, 5:32 pm, (E-Mail Removed) (Richard Tobin) wrote:
> In article <(E-Mail Removed)>,
> raashid bhatt <(E-Mail Removed)> wrote:
>
> >I mean, if the buffer gets overflowed then EIP should contain my A's

>
> Why do you think that? When the buffer overflows, the characters
> will go into whatever happens to follow the buffer. That may not be
> anything important.


They don't need to. When the buffer "overflows", what really happens
is that undefined behavior is invoked. Once that happens, that's it.
You can't predict the behavior.
 
Kenny McCormack
      08-23-2008
In article <(E-Mail Removed)>,
<(E-Mail Removed)> wrote:
>On Aug 22, 5:32 pm, (E-Mail Removed) (Richard Tobin) wrote:
>> In article <(E-Mail Removed)>,
>> raashid bhatt <(E-Mail Removed)> wrote:
>>
>> >I mean, if the buffer gets overflowed then EIP should contain my A's

>>
>> Why do you think that? When the buffer overflows, the characters
>> will go into whatever happens to follow the buffer. That may not be
>> anything important.

>
>They don't need to. When the buffer "overflows", what really happens
>is that undefined behavior is invoked. Once that happens, that's it.
>You can't predict the behavior.


While this is true in the totally artificial CLC/C-Standard sense, it is
not true in the real world.

HTH - no thanks necessary for this obvious correction to your otherwise
sterling post.

 
Richard Tobin
      08-23-2008
In article <(E-Mail Removed)>,
<(E-Mail Removed)> wrote:

>> >I mean, if the buffer gets overflowed then EIP should contain my A's


>> Why do you think that? When the buffer overflows, the characters
>> will go into whatever happens to follow the buffer. That may not be
>> anything important.


>They don't need to. When the buffer "overflows", what really happens
>is that undefined behavior is invoked. Once that happens, that's it.


Child: [tries to stick his finger in an electric socket]
Parent: Don't do that, it violates safety regulation EIC/3/981b.
Onlooker: The electricity might kill you. Even if it doesn't
this time, it might next time.
Parent: That's not required. What really happens is that you
violate safety regulation EIC/3/981b.

-- Richard
--
Please remember to mention me / in tapes you leave behind.
 