qarnos said:
If you are having problems with that code, it's because you are
forgetting to use the sizeof operator.
int main(void) {
int a[10], b[10];
memcpy(a, b, sizeof(int) * 10);
return 0;
}
Since the C standard states, that
sizeof(char) <= sizeof( any_other_type )
the only thing that might happen is, that "too few" elements are
copied. Otherwise the code shows no undefined behaviour:
* 'a' and 'b' don't overlap
* 'a' and 'b' are allocated (automatically)
Surely the contents are uninitialized, but sometimes one might
_want_ to read out the contents of uninitialized memory (either
to initialize some entropy pool^1, or for data forensics^2).
Wolfgang Draxinger
[1]: OpenSSL does this - and the Debian folks "corrected" it away
resulting in the Debian-OpenSSL desaster.
[2]: like in: Inject some shell code into an application, call
the forensics function, exploiting knowledge about the
implementation, e.g. that this certain implementation uses a
stack and with the following code
void foo()
{
unsigned char test[32];
/* do something on test */
}
void bar()
{
unsigned char gotcha[1024];
}
void baz()
{
foo(); /* somehow inject a call to bar after foo here */
/* -> */ bar(); /* On certain architectures utilizing a stack,
like the x86, bar's 'gotcha' will now
contain the last contents of
foo's 'test' */
}
This technique is usefull, if you can't run a debugger on the
system, but can inject shellcode (through some exploit e.g.)