Run-Time Check Failure #n Question

Antony

compiler: Visual Studio.Net 2003 (VC7.1)
compile type: Debug
problem: wanted more information about the "Run-Time Check Failure
#n", thanks!

Example1:
#include "stdafx.h"
void malice()
{
printf("Hey,you're been attacked.\n");
}

void foo()
{
int *ret;
ret=(int*)&ret+2;
(*ret)=(int)malice;
}

int _tmain(int argc, _TCHAR* argv[])
{
foo();
return 0;
}
Run this program, it prompts:
Run-Time Check Failure #0 - The value of ESP was not properly saved
across a function call. This is usually a result of calling a function
declared with one calling convention with a function pointer declared
with a different calling convention.


Example 2:
#include "stdafx.h"
void foo()
{
int var[2];
var[2] = 0;
}

int _tmain(int argc, _TCHAR* argv[])
{
foo();
return 0;
}
Run this program, it prompts:

Run-Time Check Failure #2 - Stack around the variable 'var' was
corrupted.

Example 3:
#include "stdafx.h"
#include <iostream>
using namespace std;

int a,b;
int _tmain(int argc, _TCHAR* argv[])
{
int c;
cout<<a<<"\n";
cout<<b<<"\n";
cout<<c<<"\n";
return 0;
}
Run this program, it prompts:
Run-Time Check Failure #3 - The variable 'c' is being used without
being defined.
 
Victor Bazarov

Antony said:
compiler: Visual Studio.Net 2003 (VC7.1)
compile type: Debug
problem: wanted more information about the "Run-Time Check Failure
#n", thanks!

Please ask in a newsgroup dedicated to VC++ or to Windows programming.
Your code below has undefined behaviour in C++ terms, and due to that
nothing can be said about any "Run-Time Check Failure" (which is not
defined in C++ either).
Example1:
#include "stdafx.h"
void malice()
{
printf("Hey,you're been attacked.\n");
}

void foo()
{
int *ret;
ret=(int*)&ret+2;
(*ret)=(int)malice;
}

int _tmain(int argc, _TCHAR* argv[])
{
foo();
return 0;
}
[...]

V
 
red floyd

Antony said:
compiler: Visual Studio.Net 2003 (VC7.1)
compile type: Debug
problem: wanted more information about the "Run-Time Check Failure
#n", thanks!

Example1:
#include "stdafx.h"
void malice()
{
printf("Hey,you're been attacked.\n");
}

void foo()
{
int *ret;
ret=(int*)&ret+2;
(*ret)=(int)malice;
Congratulations! You have just invoked UB. Your program may now do
anything, including destroying your hard drive, contacting NORAD and
instigating WWIII, or just giving an indecipherable error message.
}

int _tmain(int argc, _TCHAR* argv[])
{
foo();
return 0;
}
What Victor said. Also, see above comments.
 
Ben Pope

Antony said:
compiler: Visual Studio.Net 2003 (VC7.1)
compile type: Debug
problem: wanted more information about the "Run-Time Check Failure
#n", thanks!

Example1:
#include "stdafx.h"

// remove that and turn off precompiled headers.
void malice()
{
printf("Hey,you're been attacked.\n");
}

void foo()
{
int *ret;

// ret is not initialised.
ret=(int*)&ret+2;

// undefined behaviour ret is not initialised
// what's wrong with the below:
ret += 2;
(*ret)=(int)malice;

// What's with the casting? malice returns nothing, yet you're assigning
its "return" value to 2 ints past an uninitialised point in memory.

// What is the point of the above function?
// Why are you casting so much?
int _tmain(int argc, _TCHAR* argv[])

int main
// there is no _tmain, and there is no _TCHAR in standard c++
{
foo();
return 0;
}
Run this program, it prompts:
Run-Time Check Failure #0 - The value of ESP was not properly saved
across a function call. This is usually a result of calling a function
declared with one calling convention with a function pointer declared
with a different calling convention.

Well, to be fair, if it hadn't crashed, I would be surprised. You are
trying hard to make it crash.

Example 2:
#include "stdafx.h"
void foo()
{
int var[2];

// memory for two ints
var[2] = 0;

// writing to the third int, which doesn't exist.
}

int _tmain(int argc, _TCHAR* argv[])
{
foo();
return 0;
}
Run this program, it prompts:

Run-Time Check Failure #2 - Stack around the variable 'var' was
corrupted.

Again, writing to memory that doesn't belong to you.
Example 3:
#include "stdafx.h"
#include <iostream>
using namespace std;

int a,b;

// uninitialised
int _tmain(int argc, _TCHAR* argv[])
{
int c;

// uninitialised
cout<<a<<"\n";

// a is uninitialised
cout<<b<<"\n";
cout<<c<<"\n";
return 0;
}
Run this program, it prompts:
Run-Time Check Failure #3 - The variable 'c' is being used without
being defined.

c IS defined, it's just not initialised.

You need a C++ book. You REALLY need a C++ book.

Ben Pope
 
Jay_Nabonne

// What's with the casting? malice returns nothing, yet you're assigning
its "return" value to 2 ints past an uninitialised point in memory.

Actually, he's assigning the function address. Looks to me like he's
trying to create a stack exploit by setting a function address onto the
return stack.

- Jay
 
Ben Pope

Jay_Nabonne said:
Actually, he's assigning the function address. Looks to me like he's
trying to create a stack exploit by setting a function address onto the
return stack.

Ahh, now it makes sense. I got lost in all the mess.

Ben Pope
 
Gavin Deane

Ben said:
// uninitialised

a and b have static storage duration so are zero initialised.
int _tmain(int argc, _TCHAR* argv[])
{
int c;

// uninitialised
cout<<a<<"\n";

// a is uninitialised

No, a is initialised, as is b. c is not, hence the error message
complaining about c but not a or b (that being just one of the infinite
possible outcomes of undefined behaviour).
c IS defined, it's just not initialised.

You need a C++ book. You REALLY need a C++ book.

Yep

Gavin Deane
 
Daniel T.

compiler: Visual Studio.Net 2003 (VC7.1)
compile type: Debug
problem: wanted more information about the "Run-Time Check Failure
#n", thanks!

Your code invokes undefined behavior; as such, the compiler can do
whatever it wants. Apparently, what it chose to do was produce these
diagnostics.
Example1:
#include "stdafx.h"
void malice()
{
printf("Hey,you're been attacked.\n");
}

void foo()
{
int *ret;
ret=(int*)&ret+2;
(*ret)=(int)malice;
}

int _tmain(int argc, _TCHAR* argv[])
{
foo();
return 0;
}
Run this program, it prompts:
Run-Time Check Failure #0 - The value of ESP was not properly saved
across a function call. This is usually a result of calling a
function declared with one calling convention with a function
pointer declared with a different calling convention.

Do you know what this code does? It creates an int* on the stack, then
assigns it a value of some memory location near it on the stack, then
assigns the memory location of the malice function (as a value) to the
memory location it found. ICK!
Example 2:
#include "stdafx.h"
void foo()
{
int var[2];
var[2] = 0;
}

int _tmain(int argc, _TCHAR* argv[])
{
foo();
return 0;
}
Run this program, it prompts:

Run-Time Check Failure #2 - Stack around the variable 'var' was
corrupted.

Here you create a two element array (var[2]) then assign 0 to the
memory location just past the end of that array (var[2] = 0). The
proper locations in var are var[0] and var[1]... There is no var[2].

Just like the previous code, you are corrupting the stack.
Example 3:
#include "stdafx.h"
#include <iostream>
using namespace std;

int a,b;
int _tmain(int argc, _TCHAR* argv[])
{
int c;
cout<<a<<"\n";
cout<<b<<"\n";
cout<<c<<"\n";
return 0;
}
Run this program, it prompts:
Run-Time Check Failure #3 - The variable 'c' is being used without
being defined.

That's an odd one. 'c' is defined, but it hasn't been assigned a
value. ('a' and 'b' are automatically assigned 0 because they are
global.)
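
A model of the check behind the "Run-Time Check Failure #2" message discussed in this thread, added here as an example (it is not code from any poster or from the compiler's runtime): Debug builds with stack-frame run-time checks fill the frame with 0xCC bytes and test guard areas around arrays when the function exits. The frame layout, `VarDesc`, the second variable `n` and all function names are assumptions made for illustration, and the frame is a plain array so the out-of-range store stays defined behaviour.

```cpp
// Added example: defined-behaviour model of the guard check behind
// "Run-Time Check Failure #2". Layout and names are illustrative assumptions.
#include <stdint.h>
#include <stdio.h>

static const uint32_t FILL = 0xCCCCCCCCu;   // 0xCC debug fill, one word wide

struct VarDesc { int offset; int words; const char* name; };  // hypothetical

// Modelled frame, in 32-bit words: [guard][var0][var1][guard][guard][n][guard]
static const VarDesc kVars[] = { {1, 2, "var"}, {5, 1, "n"} };
static const int kVarCount = 2;
static const int kFrameWords = 7;

// Prologue step: fill the whole frame so every guard word starts intact.
void frame_init(uint32_t* frame) {
    for (int i = 0; i < kFrameWords; ++i) frame[i] = FILL;
}

// Epilogue step: name of the first variable whose neighbouring guard word
// (just below or just above it) no longer holds the pattern, or 0 if none.
const char* frame_check(const uint32_t* frame) {
    for (int i = 0; i < kVarCount; ++i) {
        const VarDesc& v = kVars[i];
        if (frame[v.offset - 1] != FILL || frame[v.offset + v.words] != FILL)
            return v.name;
    }
    return 0;
}

// Body of Example 2 run against the model: store 0 at var[index].
const char* run_foo(int index) {
    uint32_t frame[kFrameWords];
    frame_init(frame);
    uint32_t* var = frame + kVars[0].offset;
    var[index] = 0;              // index 2 lands on the guard just above var
    return frame_check(frame);
}

int main() {
    for (int i = -1; i <= 3; ++i) {
        const char* bad = run_foo(i);
        if (bad) printf("var[%d]: stack around the variable '%s' was corrupted\n", i, bad);
        else     printf("var[%d]: guards intact\n", i);
    }
    return 0;
}
```

In this model a store to index 3 is reported against `n` rather than `var`, and a store that skips over the guard words or happens to write 0xCCCCCCCC passes the check, which is why such checks serve as a debugging aid rather than a protection boundary.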
 
Jim Langston

Antony said:
compiler: Visual Studio.Net 2003 (VC7.1)
compile type: Debug
problem: wanted more information about the "Run-Time Check Failure
#n", thanks!

Example1:
#include "stdafx.h"
void malice()
{
printf("Hey,you're been attacked.\n");
}

void foo()
{
int *ret;
ret=(int*)&ret+2;
(*ret)=(int)malice;
}
int _tmain(int argc, _TCHAR* argv[])
{
foo();
return 0;
}
Run this program, it prompts:
Run-Time Check Failure #0 - The value of ESP was not properly saved
across a function call. This is usually a result of calling a function
declared with one calling convention with a function pointer declared
with a different calling convention.

It's quite obvious you are trying to corrupt the stack and place the address
of your function in place of the address of the calling function on the
stack. It's also quite obvious that you only have enough brains to shoot
yourself in the foot. Why are you surprised by an error reporting a
corrupted stack pushed register when you screwed it up?
Example 2:
#include "stdafx.h"
void foo()
{
int var[2];
var[2] = 0;
}

int _tmain(int argc, _TCHAR* argv[])
{
foo();
return 0;
}
Run this program, it prompts:

Run-Time Check Failure #2 - Stack around the variable 'var' was
corrupted.

Here is a buffer overflow attempting the same thing as above. Again, why
are you surprised?
Example 3:
#include "stdafx.h"
#include <iostream>
using namespace std;

int a,b;
int _tmain(int argc, _TCHAR* argv[])
{
int c;
cout<<a<<"\n";
cout<<b<<"\n";
cout<<c<<"\n";
return 0;
}
Run this program, it prompts:
Run-Time Check Failure #3 - The variable 'c' is being used without
being defined.

Re-read the error message and I'm fairly sure it'll say it's being used
without being initialized, not defined.

The only comfort I have is that with your level of expertise you won't be
writing a worm to affect the internet anytime soon.
 
