stack overflow help? 
 stack overflow help?

I'm trying to write a program for a class, but I'm having difficulty getting
the overflow to work... I was wondering if it was due to my
hardware/software.

CPU: P4 1.5 socket 423
OS: Mandrake 9.1

I can't seem to get the program to overflow consistent with
logic when using a for loop to fill up a char array. I WAS, however, able to
do this using gets()... but I don't want to spend my time typing in the
long string of hex for the asm commands.

 *This works: *
 (If I put a string longer than 10 chars)

         char small[10]; gets (small);

 * However, this DOES NOT:
 (when I use gdb, then "run"... it says program exited normally and I
  don't get the usual segmentation fault.)

   char buff[10];

   int main()
   {
           int i;
           for (i = 0; i < 100; i++)
           {
                   buff[i] = 'A';
           }
           return 0;
   }

 It seems to work if I make the max value REALLY big like 10k. Would
 you have any clue why this is failing to run?
--



Sun, 09 Oct 2005 04:18:30 GMT  
 stack overflow help?

Quote:

> I'm trying to write a program for a class, [...]

Good luck.  Before we help you, can you give us your instructor's
e-mail address so we can make sure that we get proper credit for
whatever you turn in?  Thanks.

--

San Diego Supercomputer Center           <*>  <http://www.sdsc.edu/~kst>
Schroedinger does Shakespeare: "To be *and* not to be"
--



Mon, 10 Oct 2005 03:30:42 GMT  
 stack overflow help?

comp.lang.c.moderated:

Quote:
> I'm trying to write a program for a class, but I'm having difficulty getting
> the overflow to work... I was wondering if it was due to my
> hardware/software.

> CPU: P4 1.5 socket 423
> OS: Mandrake 9.1

> I can't seem to get the program to overflow consistent with
> logic when using a for loop to fill up a char array. I WAS, however, able to
> do this using gets()... but I don't want to spend my time typing in the
> long string of hex for the asm commands.

>  *This works: *
>  (If I put a string longer than 10 chars)

>          char small[10]; gets (small);

The gets() function should never be used in an actual C program under
any circumstances.  There is absolutely no way it can be used safely.

If you type in more than 9 characters before hitting the Return or
Enter key, the gets() function writes characters past the end of the
array; the result is undefined behavior.


Quote:
>  * However, this DOES NOT:
>  (when I use gdb, then "run"... it says program exited normally and I
>   don't get the usual segmentation fault.)

>    char buff[10];
>    int main()
>    {
>            int i;
>            for(i=0;i<100;i++)
>            {
>                    buff[i]='A';
>            }
>    return(0);
>    }

>  It seems to work if I make the max value REALLY big like 10k. Would
>  you have any clue why this is failing to run?

The same thing happens in your second example, namely undefined
behavior.  Whatever the result is, it is just as correct or incorrect
as any other result.  Once you invoke undefined behavior, the C
standard literally places no requirements on what happens next.  You
no longer have a C program.

What you are questioning is why the results of this particular form of
undefined behavior are different depending on how you define the array
that you overflow.  This is not a C language question, once you
overflow the array you have left the world of C behind.  A different
compiler might exhibit different results from these two examples.
Even the same compiler with different command line options might.

Undefined behavior in C is just like the result of dividing by 0 in
mathematics.  There is no correct result.

Your program is broken, you need to fix it.

--
Jack Klein
Home: http://JK-Technology.Com
FAQs for
comp.lang.c http://www.eskimo.com/~scs/C-faq/top.html
comp.lang.c++ http://www.parashift.com/c++-faq-lite/
alt.comp.lang.learn.c-c++ ftp://snurse-l.org/pub/acllc-c++/faq
--



Mon, 10 Oct 2005 03:31:30 GMT  
 stack overflow help?

Quote:

> I'm trying to write a program for a class, but I'm having difficulty getting
> the overflow to work... I was wondering if it was due to my
> hardware/software.

What else could it be due to?

Quote:
> I can't seem to get the program to overflow consistent with
> logic when using a for loop to fill up a char array.

What logic?  You shouldn't expect consistency when you violate
requirements that are imposed by the C language standard (and
therefore potentially by implementations) upon C programs.

Quote:
>  *This works: *

Funny definition of "works".

Quote:
>  (If I put a string longer than 10 chars)
>          char small[10]; gets (small);

Yeah, that easily overruns the buffer.  What are the symptoms*
when this "works"?  And can you explain them?

Quote:
>  * However, this DOES NOT:
>  (when I use gdb, then "run"... it says program exited normally and I
>   don't get the usual segmentation fault.)

There is no guarantee that buffer overrun will produce a
segmentation fault.

Quote:
>    char buff[10];
>    int main()
>    { ...

Very likely, there is other data with external linkage embedded
in the object code of your program, such as certain state variables
used by some standard library functions.  When your overrun clobbers
them, maybe it doesn't matter because they aren't being used at the
time.
--



Mon, 10 Oct 2005 03:31:44 GMT  
 stack overflow help?
On 22 Apr 2003 20:18:30 GMT

Quote:

> I'm trying to write a program for a class, but I'm having difficulty

Why on earth would a class want you to cause an overflow?

Quote:
> getting the overflow to work... I was wondering if it was due to my
> hardware/software.

> CPU: P4 1.5 socket 423
> OS: Mandrake 9.1

> I can't seem to get the program to overflow consistent with
> logic when using a for loop to fill up a char array. I WAS, however,
> able to do this using gets()... but I don't want to spend my time typing
> in the long string of hex for the asm commands.

>  *This works: *
>  (If I put a string longer than 10 chars)

>          char small[10]; gets (small);

What do you mean, it works? Does the sun go super nova?

Quote:
>  * However, this DOES NOT:
>  (when I use gdb, then "run"... it says program exited normally and I
>   don't get the usual segmentation fault.)

>    char buff[10];
>    int main()
>    {
>            int i;
>            for(i=0;i<100;i++)
>            {
>                    buff[i]='A';
>            }
>    return(0);
>    }

>  It seems to work if I make the max value REALLY big like 10k. Would
>  you have any clue why this is failing to run?

When you invoke undefined behaviour, such as deliberately running off
the end of an array, literally ANYTHING is possible. The memory might be
unused and allocated to your process, in which case the program will run
as if that memory was part of the array, or it might belong to another
process and cause a segment violation, or it might overwrite an
unprotected buffer causing garbage to be written to your HD making you
lose everything on it, or anything else.

Whatever happens, it is nothing to do with the C language and so OT on
this group.
--
Mark Gordon
Paid to be a Geek & a Senior Software Developer
Currently looking for a new job commutable from Slough, Berks, U.K.
Although my email address says spamtrap, it is real and I read it.
--



Mon, 10 Oct 2005 03:32:56 GMT  
 stack overflow help?

Quote:

> I'm trying to write a program for a class, but I'm having difficulty
> getting the overflow to work...

What do you mean, getting a stack overflow to "work"?  From what you
wrote, I think you're looking for the wrong type of symptoms. E.g.,
you don't seem to be using the stack for anything else but the buffer
you're overflowing --- so there's really nothing to be damaged in the
process, and thus no symptoms to be detected.

Putting the offending code into a subroutine instead of directly in main()
may help.  As may avoiding any compiler optimization.
--

Even if all the snow were burnt, ashes would remain.
--



Mon, 10 Oct 2005 03:32:58 GMT  
 stack overflow help?

Quote:

> The gets() function should never be used in an actual C program under
> any circumstances.  There is absolutely no way it can be used safely.

Not so; only if the input format is not under sufficient control.
Anyway, most likely the instructor was trying to demonstrate what
problem could arise when using gets().
--



Wed, 12 Oct 2005 01:35:36 GMT  
 stack overflow help?

Quote:


> > The gets() function should never be used in an actual C program
> > under any circumstances.  There is absolutely no way it can be
> > used safely.

> Not so; only if the input format is not under sufficient control.
> Anyway, most likely the instructor was trying to demonstrate what
> problem could arise when using gets().

Didn't Murphy once foul a file?

--

   Available for consulting/temporary embedded and systems.
   <http://cbfalconer.home.att.net>  USE worldnet address!
--



Thu, 13 Oct 2005 06:29:07 GMT  
 stack overflow help?
On 25 Apr 2003 17:35:36 GMT in comp.lang.c.moderated, "Douglas A.

Quote:


>> The gets() function should never be used in an actual C program under
>> any circumstances.  There is absolutely no way it can be used safely.

Frankly, I think use of gets() should make a program
non-conforming, as any use of it can result in undefined
behaviour.

Quote:
>Not so; only if the input format is not under sufficient control.

How can a program control its input -- makes no sense.
I worked with some testers who used to feed any program asking
for an input file its own binary, just to see how it'd handle it.

Quote:
>Anyway, most likely the instructor was trying to demonstrate what
>problem could arise when using gets().

Unlikely the instructor was aware of the issues: not many
actually program in C; they just warm over their Pascal courses
and reword the examples. Look for C programs that do input just
before and also at the end of a while loop, rather than in the
loop condition; statements like i = i + 1 are a dead giveaway.

Thanks. Take care, Brian Inglis         Calgary, Alberta, Canada
--

    fake address                use address above to reply
--



Thu, 13 Oct 2005 06:31:22 GMT  
 stack overflow help?

in comp.lang.c.moderated:

Quote:

> > The gets() function should never be used in an actual C program under
> > any circumstances.  There is absolutely no way it can be used safely.

> Not so; only if the input format is not under sufficient control.
> Anyway, most likely the instructor was trying to demonstrate what
> problem could arise when using gets().

Since all input and output is implementation-defined, I find it hard
to visualize a situation where one could guarantee that "sufficient
control".

I guarantee that the function gets() will never be released in
production code for any project in which I am involved.

--
Jack Klein
Home: http://JK-Technology.Com
FAQs for
comp.lang.c http://www.eskimo.com/~scs/C-faq/top.html
comp.lang.c++ http://www.parashift.com/c++-faq-lite/
alt.comp.lang.learn.c-c++ ftp://snurse-l.org/pub/acllc-c++/faq
--



Thu, 13 Oct 2005 06:31:28 GMT  
 stack overflow help?

Quote:

> How can a program control its input -- makes no sense.

I didn't say the *program* had to be in control of the
input, but anyway sometimes it can be, having itself
written the file it then reads back in.

Quote:
>>Anyway, most likely the instructor was trying to demonstrate what
>>problem could arise when using gets().
> Unlikely the instructor was aware of the issues: not many
> actually program in C; they just warm over their Pascal courses
> and reword the examples.  ...

Surely an assignment to create a buffer overrun would
not be made obliviously, whether for Pascal or C.
--



Fri, 14 Oct 2005 04:41:00 GMT  
 stack overflow help?

Quote:

>> The gets() function should never be used in an actual C program under
>> any circumstances.  There is absolutely no way it can be used safely.
> Not so; only if the input format is not under sufficient control.

The point is that the input format of gets() cannot possibly be under
sufficient control.  It's stdin, which can mean anything from another
program's piped output to a random keyboard monkey as the source of
input.  
--

Even if all the snow were burnt, ashes would remain.
--



Fri, 14 Oct 2005 04:41:28 GMT  
 stack overflow help?

aachen.de says...

[ ... ]

Quote:
> The point is that the input format of gets() cannot possibly be under
> sufficient control.  It's stdin, which can mean anything from another
> program's piped output to a random keyboard monkey as the source of
> input.  

Not trying to defend the use of gets, but freopen is a standard
function, so at least in theory a program could write data out to a
file, then use freopen to make gets read from that file.

I doubt this is practical or useful, but it does at least allow the
theoretical possibility of using gets in a reasonably controlled way.

--
    Later,
    Jerry.

The universe is a figment of its own imagination.
--



Sat, 15 Oct 2005 23:44:56 GMT  
 stack overflow help?

Quote:

> > The gets() function should never be used in an actual C program under
> > any circumstances.  There is absolutely no way it can be used safely.

> Not so; only if the input format is not under sufficient control.

IMO, "sufficient control" for gets() involves locks, electric fences,
and a copious amount of {*filter*} gear. Leave them out and someone _will_
pass your program his news spool or something.

Richard
--



Sat, 15 Oct 2005 23:45:20 GMT  
 stack overflow help?

Quote:


>>> The gets() function should never be used in an actual C program under
>>> any circumstances.  There is absolutely no way it can be used safely.

>> Not so; only if the input format is not under sufficient control.

>The point is that the input format of gets() cannot possibly be under
>sufficient control.  It's stdin, which can mean anything from another
>program's piped output to a random keyboard monkey as the source of
>input.  

Not necessarily, since the invention of freopen().  The program *can*
connect stdin to a file or device that cannot overflow gets' buffer.

E.g. on a Unix system, if you connect stdin to /dev/tty and use a gets
buffer of 4 kB, you should be safe.  On a DOS system, the buffer size is
much lower.

Of course, it is trivial to emulate gets with a scanf call plus a getchar
call in a manner that is 100% safe in a *portable* manner, so there is no
good argument for keeping gets in the standard.

Dan
--
Dan Pop
DESY Zeuthen, RZ group

--



Sat, 15 Oct 2005 23:45:26 GMT  
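Dan Pop's closing point is that gets() is trivially replaced by a bounded, portable read. The following is an added example written for this page, not code posted by anyone in the thread: it uses fgets() plus a drain loop rather than the scanf/getchar pair he mentions, and the function name bounded_gets is my own. It reads into the same 10-byte buffer as the original post, so a line longer than 9 characters is cut off and reported instead of overrunning the array.

```c
#include <stdio.h>
#include <string.h>

/* bounded_gets: a gets() replacement that can never write past buf.
 * Reads one line from fp into buf (capacity n) and strips the newline.
 * If the line does not fit, the excess is read and discarded so the next
 * call starts on the following line, and *truncated is set to 1.
 * Returns the number of characters stored, or -1 at EOF with nothing read. */
int bounded_gets(FILE *fp, char *buf, size_t n, int *truncated)
{
    size_t len;
    int c;

    *truncated = 0;
    if (n == 0 || fgets(buf, (int)n, fp) == NULL) {
        if (n > 0)
            buf[0] = '\0';
        return -1;
    }
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[--len] = '\0';          /* whole line fitted: drop the '\n' */
    } else {
        /* No newline: the line was longer than n-1 characters, or the
         * input ended without one.  Drain to end of line; anything we
         * throw away means the caller's buffer was too small. */
        while ((c = fgetc(fp)) != EOF && c != '\n')
            *truncated = 1;
    }
    return (int)len;
}

int main(void)
{
    char small[10];                 /* the 10-byte buffer from the post */
    int truncated;
    int len = bounded_gets(stdin, small, sizeof small, &truncated);

    if (len < 0)
        return 1;
    printf("stored %d chars: \"%s\"%s\n", len, small,
           truncated ? " (line was longer; remainder discarded)" : "");
    return 0;
}
```

Piping a long line into the program shows the first nine characters stored and the truncation reported, where gets() would have written past small[].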