strcpy

[GrahamJWalsh]

Hi,

I want to make strcpy cause a core dump;

assuming I have;

char* source = new char[10];
char* dest = new char[10];

sprintf(source, "%s", "ninechars");


followed by;

strcpy(dest, source);


what (if any) chacters ...of any any type can I put into "source" such
that it will crash?


Is the answer staring me in the face? I can't do something like

source =0

or

dest = 0

but instead I have to put a character in the source somewhere.


Cheers

GrahamO

 

[Ron Natalie]

Hi,

I want to make strcpy cause a core dump;

There is no portable way to do this.
You're trying to force undefined behavior which
may or may not result in a core dump.

 

[Winbatch]

Hi,

I want to make strcpy cause a core dump;

assuming I have;

char* source = new char[10];
char* dest = new char[10];

sprintf(source, "%s", "ninechars");


followed by;

strcpy(dest, source);


what (if any) chacters ...of any any type can I put into "source" such
that it will crash?


Is the answer staring me in the face? I can't do something like

source =0

or

dest = 0

but instead I have to put a character in the source somewhere.


Cheers

GrahamO

Instead of doing
sprintf(source, "%s", "ninechars");
it might crash if you do
sprintf(source, "%s", 432);

(since you saying what follows is a string, but you are putting a number)

 

[Prawit Chaivong]

There is no portable way to do this.
You're trying to force undefined behavior which
may or may not result in a core dump.

Yes, I agree that it may or may not cause coredump. It's UB.
If you want to use strcpy to cause coredump.
How about this.

{
char *x = "ninechars"; // x point to read-only memory
strcpy(x, "somechars"); // trying to modify x which point to RO
memory, this should crash.
}

By the way, in linux please set ulimit of core file to unlimited.
# ulimit -c unlimited

Regards,
Pui.

 

[GrahamJWalsh]

thanks for those replies. I can use either of the approaches you
mention. Portability wasn't part of the question so is not relevant at
all.

Is it possible also to write something into the string, say after the
strcpy, so that when I try to read it again, it cores. something like;

char* source = new char[10];
char* dest = new char[10];

sprintf(source, "%s", "ninechars");

cout << source << endl;

// here...
int x = <some value>;
source[x] = '<something>';

// this next line will cause a crash after the insertion of
<something> into index // <some value> of the char array.

cout << source << endl;


anybody have any ideas/possibilities there. Forget portability, it's
not relevant.

thanks much

GrahamO

 

[Prawit Chaivong]

thanks for those replies. I can use either of the approaches you
mention. Portability wasn't part of the question so is not relevant at
all.

Is it possible also to write something into the string, say after the
strcpy, so that when I try to read it again, it cores. something like;

char* source = new char[10];
char* dest = new char[10];

sprintf(source, "%s", "ninechars");

cout << source << endl;

// here...
int x = <some value>;
source[x] = '<something>';

// this next line will cause a crash after the insertion of
<something> into index // <some value> of the char array.

cout << source << endl;


anybody have any ideas/possibilities there. Forget portability, it's
not relevant.

thanks much

GrahamO

It's possible
try 'somevalue' > 9
I don't know exactly value.My point is you have to screw up heap.
After that try to allocate heap memory again. It would crash.

The memory that you modify has to be information area of the heap.

Any idea (else) ?
Regards,
Pui

 

[Alf P. Steinbach]

* Prawit Chaivong:

* Graham J Walsh:

It's possible
try 'somevalue' > 9

That's meaningless.

I don't know exactly value.My point is you have to screw up heap.
After that try to allocate heap memory again. It would crash.

Judging from the very pointed questions, "Graham J Walsh" is most
likely hunting for a particular Windows bug that once allowed
hackers to crash their victim's computers.

It's not a good idea to help such people.

 

[Prawit Chaivong]

* Prawit Chaivong:

That's meaningless.


Judging from the very pointed questions, "Graham J Walsh" is most
likely hunting for a particular Windows bug that once allowed
hackers to crash their victim's computers.

I don't know his intention. I just answer the question.
And I'd have thought that it's possible.

 

[GrahamJWalsh]

Oh my gosh you're talking thru your swiss! Can't believe you're posting
such tosh. Get a grip man.

I code to make a living, I would rather be out fishing by a lake with a
beer in my hand so if you think I spend any more time at this terminal
than I have to, you're greatly mistaken. I don't get my kicks from
crashing computers.... women and nice holidays provide me with such
entertainment.

FYI I am debugging a distributed system whereby a string is passed from
client to server. The string is inserted client side and extracted
server side. I want the server unmarshalling code to fail with a core
dump when it attempts to read the string. Hence the question.

get a life you moron!

G

 

[Richard Herring]

Oh my gosh you're talking thru your swiss! Can't believe you're posting
such tosh. Get a grip man.

[...]

Your rant would have more force if we had any idea who you were
addressing it to. Please quote some context when following up.

FYI I am debugging a distributed system whereby a string is passed from
client to server. The string is inserted client side and extracted
server side. I want the server unmarshalling code to fail with a core
dump when it attempts to read the string.

Unless someone wrote the server with a back door, I can't imagine any
self-respecting code that would do what you specify.

 

[Ron Natalie]

thanks for those replies. I can use either of the approaches you
mention. Portability wasn't part of the question so is not relevant at
all.

Is it possible also to write something into the string, say after the
strcpy, so that when I try to read it again, it cores. something like;

It's still not clear what on earth you are trying to do. Invoking
undefined behavior is not something you can rely on the results, being
core dumps or otherwise.

Writing off the end of a "new'd" array probably WONT core dump
immediately. It will assuredly crash later the next time something
is allocated or deallocated.

Do you want to explain what it is you're trying to do? and what platform
you are "NOT CONCERNED ABOUT PORTABILITY" about.

 

[Ron Natalie]

FYI I am debugging a distributed system whereby a string is passed from
client to server. The string is inserted client side and extracted
server side. I want the server unmarshalling code to fail with a core
dump when it attempts to read the string. Hence the question.

get a life you moron!

When you come here asking for free advice with a still ill-defined
problem, you should check the insulting attitude at the door.

You still haven't said what platform you want this abomination to
work on. I'm still unclear just what you are trying to do. Your
better bet would be to invoke some implemetnation defined method to
allocate read only memory or such if that's what you're trying to do.

 

[GrahamJWalsh]

OK, lets put this one to sleep.

1)

I replied to Alfie Steinbach who implied that i was writing malicious
code. Tosh! As I mentioned previously I really couldn't be ars*ed
spending a minute more than I need to in front of a terminal than is
absolutely necessary. Mr. Steinbach is paranoid.

2)

I was trying to reproduce a possible scenario where a string, when
extacted/unmarshalled on server side, could cause a core dump/crash
because of the contents of the string. That's all. I'm not flying
planes into the pentagon here.



thats all. The subject is closed. Geez.



G




Ron Natalie a écrit :

 

[Richard Herring]

OK, lets put this one to sleep.

Please don't top-post.

1)

I replied to Alfie Steinbach

Did he say you could call him that?

who implied that i was writing malicious
code. Tosh! As I mentioned previously I really couldn't be ars*ed
spending a minute more than I need to in front of a terminal than is
absolutely necessary.

Protestations of innocence don't carry much weight in these parts,
particularly when accompanied by insults.

Mr. Steinbach is paranoid.

ITYM "justifiably suspicious".

2)

I was trying to reproduce a possible scenario where a string, when
extacted/unmarshalled on server side, could cause a core dump/crash
because of the contents of the string.

You need to work on presentation. Compare and contrast the original
posting:

=====

I want to make strcpy cause a core dump; [...]
what (if any) chacters ...of any any type can I put into "source" such
that it will crash?

=====
which reads remarkably like a request for malware.

That's all. I'm not flying
planes into the pentagon here.

OK, so you're just posting off-topic questions. Questions about faulty
server code would be more appropriately answered in a group dedicated to
the appropriate server. Questions about C string functions are probably
better asked in a C group.

thats all. The subject is closed. Geez.

This is Usenet. The subject is closed when nobody else feels like
contributing, not because you say so.

 

[GrahamJWalsh]

Couldn't agree more Richie. This topic is closed.

G

Richard Herring a écrit :

OK, lets put this one to sleep.

Please don't top-post.

1)

I replied to Alfie Steinbach

Did he say you could call him that?

who implied that i was writing malicious
code. Tosh! As I mentioned previously I really couldn't be ars*ed
spending a minute more than I need to in front of a terminal than is
absolutely necessary.

Protestations of innocence don't carry much weight in these parts,
particularly when accompanied by insults.

Mr. Steinbach is paranoid.

ITYM "justifiably suspicious".

2)

I was trying to reproduce a possible scenario where a string, when
extacted/unmarshalled on server side, could cause a core dump/crash
because of the contents of the string.

You need to work on presentation. Compare and contrast the original
posting:

=====

I want to make strcpy cause a core dump; [...]
what (if any) chacters ...of any any type can I put into "source" such
that it will crash?

=====
which reads remarkably like a request for malware.

That's all. I'm not flying
planes into the pentagon here.

OK, so you're just posting off-topic questions. Questions about faulty
server code would be more appropriately answered in a group dedicated to
the appropriate server. Questions about C string functions are probably
better asked in a C group.

thats all. The subject is closed. Geez.

This is Usenet. The subject is closed when nobody else feels like
contributing, not because you say so.

 

[Richard Herring]

In message <[email protected]>,
(e-mail address removed) top-posted

[please don't top-post]

Couldn't agree more Richie. This topic is closed.

So why are you still posting to this thread?

Now, what was your question about C++ again?

 

[GrahamJWalsh]

The C++ question is closed. I've taken out the national grid of Ukraine
with my malicious c++ code.

Subject closed. No need for any more info. thanks anyways and have a
nice day.

Graham

 

[sana1990]

template <typename Type>
Node<Type> :: Node(Type x)
{

strcpy(value,x);

nextPtr = NULL;
}


this is not working the strcpy funtion is not working!!!!!!