strcpy

Discussion in 'C++' started by GrahamJWalsh@gmail.com, Jun 1, 2005.

  1. Guest

    Hi,

    I want to make strcpy cause a core dump;

    assuming I have;

    char* source = new char[10];
    char* dest = new char[10];

    sprintf(source, "%s", "ninechars");


    followed by;

    strcpy(dest, source);


    what (if any) chacters ...of any any type can I put into "source" such
    that it will crash?


    Is the answer staring me in the face? I can't do something like

    source =0

    or

    dest = 0

    but instead I have to put a character in the source somewhere.


    Cheers

    GrahamO
    , Jun 1, 2005
    #1
    1. Advertising

  2. Ron Natalie Guest

    wrote:
    > Hi,
    >
    > I want to make strcpy cause a core dump;
    >

    There is no portable way to do this.
    You're trying to force undefined behavior which
    may or may not result in a core dump.
    Ron Natalie, Jun 1, 2005
    #2
    1. Advertising

  3. Winbatch Guest

    <> wrote in message
    news:...
    > Hi,
    >
    > I want to make strcpy cause a core dump;
    >
    > assuming I have;
    >
    > char* source = new char[10];
    > char* dest = new char[10];
    >
    > sprintf(source, "%s", "ninechars");
    >
    >
    > followed by;
    >
    > strcpy(dest, source);
    >
    >
    > what (if any) chacters ...of any any type can I put into "source" such
    > that it will crash?
    >
    >
    > Is the answer staring me in the face? I can't do something like
    >
    > source =0
    >
    > or
    >
    > dest = 0
    >
    > but instead I have to put a character in the source somewhere.
    >
    >
    > Cheers
    >
    > GrahamO
    >


    Instead of doing
    sprintf(source, "%s", "ninechars");
    it might crash if you do
    sprintf(source, "%s", 432);

    (since you saying what follows is a string, but you are putting a number)
    Winbatch, Jun 2, 2005
    #3
  4. Ron Natalie wrote:
    > wrote:
    > > Hi,
    > >
    > > I want to make strcpy cause a core dump;
    > >

    > There is no portable way to do this.
    > You're trying to force undefined behavior which
    > may or may not result in a core dump.


    Yes, I agree that it may or may not cause coredump. It's UB.
    If you want to use strcpy to cause coredump.
    How about this.

    {
    char *x = "ninechars"; // x point to read-only memory
    strcpy(x, "somechars"); // trying to modify x which point to RO
    memory, this should crash.
    }

    By the way, in linux please set ulimit of core file to unlimited.
    # ulimit -c unlimited

    Regards,
    Pui.
    Prawit Chaivong, Jun 2, 2005
    #4
  5. Guest

    thanks for those replies. I can use either of the approaches you
    mention. Portability wasn't part of the question so is not relevant at
    all.

    Is it possible also to write something into the string, say after the
    strcpy, so that when I try to read it again, it cores. something like;

    char* source = new char[10];
    char* dest = new char[10];

    sprintf(source, "%s", "ninechars");

    cout << source << endl;

    // here...
    int x = <some value>;
    source[x] = '<something>';

    // this next line will cause a crash after the insertion of
    <something> into index // <some value> of the char array.

    cout << source << endl;


    anybody have any ideas/possibilities there. Forget portability, it's
    not relevant.

    thanks much

    GrahamO
    , Jun 2, 2005
    #5
  6. wrote:
    > thanks for those replies. I can use either of the approaches you
    > mention. Portability wasn't part of the question so is not relevant at
    > all.
    >
    > Is it possible also to write something into the string, say after the
    > strcpy, so that when I try to read it again, it cores. something like;
    >
    > char* source = new char[10];
    > char* dest = new char[10];
    >
    > sprintf(source, "%s", "ninechars");
    >
    > cout << source << endl;
    >
    > // here...
    > int x = <some value>;
    > source[x] = '<something>';
    >
    > // this next line will cause a crash after the insertion of
    > <something> into index // <some value> of the char array.
    >
    > cout << source << endl;
    >
    >
    > anybody have any ideas/possibilities there. Forget portability, it's
    > not relevant.
    >
    > thanks much
    >
    > GrahamO


    It's possible
    try 'somevalue' > 9
    I don't know exactly value.My point is you have to screw up heap.
    After that try to allocate heap memory again. It would crash.

    The memory that you modify has to be information area of the heap.

    Any idea (else) ?
    Regards,
    Pui
    Prawit Chaivong, Jun 2, 2005
    #6
  7. * Prawit Chaivong:
    > * Graham J Walsh:
    > >
    > > Is it possible also to write something into the string, say after the
    > > strcpy, so that when I try to read it again, it cores. something like;

    >
    > It's possible
    > try 'somevalue' > 9


    That's meaningless.

    > I don't know exactly value.My point is you have to screw up heap.
    > After that try to allocate heap memory again. It would crash.


    Judging from the very pointed questions, "Graham J Walsh" is most
    likely hunting for a particular Windows bug that once allowed
    hackers to crash their victim's computers.

    It's not a good idea to help such people.

    --
    A: Because it messes up the order in which people normally read text.
    Q: Why is it such a bad thing?
    A: Top-posting.
    Q: What is the most annoying thing on usenet and in e-mail?
    Alf P. Steinbach, Jun 2, 2005
    #7
  8. Alf P. Steinbach wrote:
    > * Prawit Chaivong:
    > > * Graham J Walsh:
    > > >
    > > > Is it possible also to write something into the string, say after the
    > > > strcpy, so that when I try to read it again, it cores. something like;

    > >
    > > It's possible
    > > try 'somevalue' > 9

    >
    > That's meaningless.
    >
    > > I don't know exactly value.My point is you have to screw up heap.
    > > After that try to allocate heap memory again. It would crash.

    >
    > Judging from the very pointed questions, "Graham J Walsh" is most
    > likely hunting for a particular Windows bug that once allowed
    > hackers to crash their victim's computers.
    >

    I don't know his intention. I just answer the question.
    And I'd have thought that it's possible.

    > It's not a good idea to help such people.
    >
    > --
    > A: Because it messes up the order in which people normally read text.
    > Q: Why is it such a bad thing?
    > A: Top-posting.
    > Q: What is the most annoying thing on usenet and in e-mail?
    Prawit Chaivong, Jun 2, 2005
    #8
  9. Guest

    Oh my gosh you're talking thru your swiss! Can't believe you're posting
    such tosh. Get a grip man.

    I code to make a living, I would rather be out fishing by a lake with a
    beer in my hand so if you think I spend any more time at this terminal
    than I have to, you're greatly mistaken. I don't get my kicks from
    crashing computers.... women and nice holidays provide me with such
    entertainment.

    FYI I am debugging a distributed system whereby a string is passed from
    client to server. The string is inserted client side and extracted
    server side. I want the server unmarshalling code to fail with a core
    dump when it attempts to read the string. Hence the question.

    get a life you moron!

    G
    , Jun 3, 2005
    #9
  10. In message <>,
    writes
    >Oh my gosh you're talking thru your swiss! Can't believe you're posting
    >such tosh. Get a grip man.


    [...]

    Your rant would have more force if we had any idea who you were
    addressing it to. Please quote some context when following up.
    >
    >FYI I am debugging a distributed system whereby a string is passed from
    >client to server. The string is inserted client side and extracted
    >server side. I want the server unmarshalling code to fail with a core
    >dump when it attempts to read the string.


    Unless someone wrote the server with a back door, I can't imagine any
    self-respecting code that would do what you specify.

    > Hence the question.
    >
    >get a life you moron!
    >


    --
    Richard Herring
    Richard Herring, Jun 3, 2005
    #10
  11. Ron Natalie Guest

    wrote:
    > thanks for those replies. I can use either of the approaches you
    > mention. Portability wasn't part of the question so is not relevant at
    > all.
    >
    > Is it possible also to write something into the string, say after the
    > strcpy, so that when I try to read it again, it cores. something like;


    It's still not clear what on earth you are trying to do. Invoking
    undefined behavior is not something you can rely on the results, being
    core dumps or otherwise.

    Writing off the end of a "new'd" array probably WONT core dump
    immediately. It will assuredly crash later the next time something
    is allocated or deallocated.

    Do you want to explain what it is you're trying to do? and what platform
    you are "NOT CONCERNED ABOUT PORTABILITY" about.
    Ron Natalie, Jun 3, 2005
    #11
  12. Ron Natalie Guest

    wrote:
    ainment.
    >
    > FYI I am debugging a distributed system whereby a string is passed from
    > client to server. The string is inserted client side and extracted
    > server side. I want the server unmarshalling code to fail with a core
    > dump when it attempts to read the string. Hence the question.
    >
    > get a life you moron!


    When you come here asking for free advice with a still ill-defined
    problem, you should check the insulting attitude at the door.

    You still haven't said what platform you want this abomination to
    work on. I'm still unclear just what you are trying to do. Your
    better bet would be to invoke some implemetnation defined method to
    allocate read only memory or such if that's what you're trying to do.
    Ron Natalie, Jun 3, 2005
    #12
  13. Guest

    OK, lets put this one to sleep.

    1)

    I replied to Alfie Steinbach who implied that i was writing malicious
    code. Tosh! As I mentioned previously I really couldn't be ars*ed
    spending a minute more than I need to in front of a terminal than is
    absolutely necessary. Mr. Steinbach is paranoid.

    2)

    I was trying to reproduce a possible scenario where a string, when
    extacted/unmarshalled on server side, could cause a core dump/crash
    because of the contents of the string. That's all. I'm not flying
    planes into the pentagon here.



    thats all. The subject is closed. Geez.



    G




    Ron Natalie a écrit :
    > wrote:
    > ainment.
    > >
    > > FYI I am debugging a distributed system whereby a string is passed from
    > > client to server. The string is inserted client side and extracted
    > > server side. I want the server unmarshalling code to fail with a core
    > > dump when it attempts to read the string. Hence the question.
    > >
    > > get a life you moron!

    >
    > When you come here asking for free advice with a still ill-defined
    > problem, you should check the insulting attitude at the door.
    >
    > You still haven't said what platform you want this abomination to
    > work on. I'm still unclear just what you are trying to do. Your
    > better bet would be to invoke some implemetnation defined method to
    > allocate read only memory or such if that's what you're trying to do.
    , Jun 6, 2005
    #13
  14. In message <>,
    writes
    >
    >OK, lets put this one to sleep.


    Please don't top-post.
    >
    >1)
    >
    >I replied to Alfie Steinbach


    Did he say you could call him that?

    >who implied that i was writing malicious
    >code. Tosh! As I mentioned previously I really couldn't be ars*ed
    >spending a minute more than I need to in front of a terminal than is
    >absolutely necessary.


    Protestations of innocence don't carry much weight in these parts,
    particularly when accompanied by insults.

    >Mr. Steinbach is paranoid.


    ITYM "justifiably suspicious".

    >
    >2)
    >
    >I was trying to reproduce a possible scenario where a string, when
    >extacted/unmarshalled on server side, could cause a core dump/crash
    >because of the contents of the string.


    You need to work on presentation. Compare and contrast the original
    posting:

    =====
    >I want to make strcpy cause a core dump;

    [...]
    >what (if any) chacters ...of any any type can I put into "source" such
    >that it will crash?


    =====
    which reads remarkably like a request for malware.

    >That's all. I'm not flying
    >planes into the pentagon here.


    OK, so you're just posting off-topic questions. Questions about faulty
    server code would be more appropriately answered in a group dedicated to
    the appropriate server. Questions about C string functions are probably
    better asked in a C group.

    >
    >thats all. The subject is closed. Geez.


    This is Usenet. The subject is closed when nobody else feels like
    contributing, not because you say so.

    --
    Richard Herring
    Richard Herring, Jun 6, 2005
    #14
  15. Guest

    Couldn't agree more Richie. This topic is closed.

    G

    Richard Herring a écrit :
    > In message <>,
    > writes
    > >
    > >OK, lets put this one to sleep.

    >
    > Please don't top-post.
    > >
    > >1)
    > >
    > >I replied to Alfie Steinbach

    >
    > Did he say you could call him that?
    >
    > >who implied that i was writing malicious
    > >code. Tosh! As I mentioned previously I really couldn't be ars*ed
    > >spending a minute more than I need to in front of a terminal than is
    > >absolutely necessary.

    >
    > Protestations of innocence don't carry much weight in these parts,
    > particularly when accompanied by insults.
    >
    > >Mr. Steinbach is paranoid.

    >
    > ITYM "justifiably suspicious".
    >
    > >
    > >2)
    > >
    > >I was trying to reproduce a possible scenario where a string, when
    > >extacted/unmarshalled on server side, could cause a core dump/crash
    > >because of the contents of the string.

    >
    > You need to work on presentation. Compare and contrast the original
    > posting:
    >
    > =====
    > >I want to make strcpy cause a core dump;

    > [...]
    > >what (if any) chacters ...of any any type can I put into "source" such
    > >that it will crash?

    >
    > =====
    > which reads remarkably like a request for malware.
    >
    > >That's all. I'm not flying
    > >planes into the pentagon here.

    >
    > OK, so you're just posting off-topic questions. Questions about faulty
    > server code would be more appropriately answered in a group dedicated to
    > the appropriate server. Questions about C string functions are probably
    > better asked in a C group.
    >
    > >
    > >thats all. The subject is closed. Geez.

    >
    > This is Usenet. The subject is closed when nobody else feels like
    > contributing, not because you say so.
    >
    > --
    > Richard Herring
    , Jun 6, 2005
    #15
  16. In message <>,
    top-posted

    [please don't top-post]

    >
    >Couldn't agree more Richie. This topic is closed.


    So why are you still posting to this thread?

    Now, what was your question about C++ again?

    --
    Richard Herring
    Richard Herring, Jun 6, 2005
    #16
  17. Guest

    The C++ question is closed. I've taken out the national grid of Ukraine
    with my malicious c++ code.

    Subject closed. No need for any more info. thanks anyways and have a
    nice day.

    Graham
    , Jun 7, 2005
    #17
  18. sana1990

    Joined:
    Apr 21, 2010
    Messages:
    1
    template <typename Type>
    Node<Type> :: Node(Type x)
    {

    strcpy(value,x);

    nextPtr = NULL;
    }


    this is not working the strcpy funtion is not working!!!!!!
    sana1990, Apr 21, 2010
    #18
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mike Mimic

    strcpy

    Mike Mimic, May 16, 2004, in forum: C++
    Replies:
    9
    Views:
    785
    Peter Koch Larsen
    May 17, 2004
  2. Paul Sheer
    Replies:
    7
    Views:
    474
    Paul Sheer
    Sep 10, 2004
  3. Paul Sheer
    Replies:
    4
    Views:
    624
    Paul Sheer
    Sep 14, 2004
  4. RonHiler
    Replies:
    8
    Views:
    503
    John Harrison
    Oct 19, 2004
  5. Replies:
    11
    Views:
    914
    Alex Vinokur
    Jan 20, 2005
Loading...

Share This Page