A
asm
Hello all, I need your help on this problem.
I wrote a little program as follows. (BTW, I worked on a new Dell
Latitude, running Linux kernel 2.4.19, i686).
Program was compiled with gcc 3.2
#include <stdio.h>
#include <string.h>

void foo() {
    char t[20];
    /* deliberately copies more than 20 bytes into t: this is the overflow under test */
    strcpy(t, "012345678901234567890123456789012345678");
    printf("t is %s\n", t);
}

int main() {
    foo();
    return 0;
}
Note that I copied 39 characters into the string t, which was defined to
be 20 bytes long. With the '\0' character, t was able to hold 40 bytes
in total. If I just add one more character (so that I'd be copying 41
bytes), I get an "invalid instruction" error.
I compiled it into assembly code, and the first few lines of 'foo' look
like this:
foo:
    pushl %ebp
    movl %esp, %ebp
    subl $40, %esp
this confirms that the stack frame for "foo" has allocated 40 bytes for
the string t.
I wanted to test the "buffer overflow bug", and tried to overwrite the
return address of foo, which, as far as I know, should be 48 bytes
from t. However, this does not seem to be the case, as the overwriting
runs fine, and the program returns as if nothing happened.
My questions are:
1. Why were 40 bytes allocated on the stack?
2. Is it true that the old frame pointer and the return address are right
after those 40 bytes?
Thanks a lot in advance for any hint,
ASM
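Added example, not from the post above: a small C program that measures where a local 20-byte array sits relative to the saved frame pointer and the return address slot, using the GCC/Clang builtin __builtin_frame_address, so the distance is measured instead of assumed. The numbers it reports depend on the compiler, its flags (optimisation, stack protector) and the architecture; measure_frame and layout_is_consistent are names chosen here.

```c
/* Measure the distance from a local buffer to the saved frame pointer and
 * return address, rather than guessing it from the buffer size. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>

struct frame_layout {
    size_t buf_size;        /* sizeof the local array */
    size_t to_saved_fp;     /* bytes from &t[0] to the saved frame pointer slot */
    size_t to_return_addr;  /* bytes from &t[0] to the return address slot */
};

/* Must keep its own frame, so forbid inlining. */
__attribute__((noinline))
struct frame_layout measure_frame(void)
{
    char t[20];
    struct frame_layout fl;
    /* __builtin_frame_address(0) is this function's frame pointer, i.e. the
     * address of the slot holding the caller's saved frame pointer; the
     * return address sits one pointer above it. Using it forces the
     * compiler to set up a frame pointer for this function. */
    uintptr_t fp  = (uintptr_t)__builtin_frame_address(0);
    uintptr_t buf = (uintptr_t)t;

    memset(t, 'A', sizeof t - 1);   /* touch the array so it really lives on the stack */
    t[sizeof t - 1] = '\0';

    fl.buf_size       = sizeof t;
    fl.to_saved_fp    = (size_t)(fp - buf);
    fl.to_return_addr = fl.to_saved_fp + sizeof(void *);
    return fl;
}

/* The saved frame pointer is at or past the end of the buffer; any gap is
 * alignment padding or a stack-protector canary, never part of the buffer. */
int layout_is_consistent(struct frame_layout fl)
{
    return fl.to_saved_fp >= fl.buf_size
        && fl.to_return_addr == fl.to_saved_fp + sizeof(void *);
}

int main(void)
{
    struct frame_layout fl = measure_frame();
    printf("buffer %zu bytes, saved fp at +%zu, return address at +%zu\n",
           fl.buf_size, fl.to_saved_fp, fl.to_return_addr);
    printf("a copy of %zu bytes or more starts overwriting the saved frame pointer\n",
           fl.to_saved_fp + 1);
    return layout_is_consistent(fl) ? 0 : 1;
}
```

On the 32-bit setup in the post, where a 41-byte copy already corrupts the frame, this would report the saved frame pointer at +40 and the return address at +44.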