raashid bhatt said:
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
void func(char *p)
{
char i[5];
strcpy(i, p);
}
Subject line: "why dosent buffer gets overflowed"
What makes you think the buffer isn't being overflowed?
int main(int argc, char **argv)
{
func("AAAAAAAAAA"); // i have supplied 2 X 5 char to it
return 0;
}
You actually supply 11 characters here, don't forget about the
trailing '\0' character!
I am using a debugger to track EIP, but this program exits normally.
Looks as if you have read that using a buffer overrun it's possible
to change the flow of control of a program. But it's luckily not
that simple - you need to understand rather well how things work on
a certain architecture to write a program that exploits a buffer
overrun to achieve that effect (if it's possible at all and which
then only works on the target architecture). In general you can't
predict what happens as the result of a buffer overrun, at least
as far as the guarantees the C language makes go; it's just undefined
behaviour, as Richard pointed out, so it would also be an allowed
result that running the program sets your computer on fire.
Just for fun try to replace your function func() with this:
void func( char *p )
{
int i = 0;
char buf[ 5 ];   /* the array is named buf here so it doesn't clash with the int i */
int j = 0;
printf( "Before strcpy(): i = %d, j = %d\n", i, j );
strcpy( buf, p ); /* deliberately unbounded: this is the overrun under discussion */
printf( "After strcpy(): i = %d, j = %d\n", i, j );
}
It may or may not print out different values for i or j. But if
it does that doesn't mean that it will do the same on a different
machine.
Regards, Jens
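To make the 11-byte point concrete and show the bounded copy that func() should have used, here is an added example (my own code, not from either poster). The names bytes_strcpy_writes() and copy_checked() are my own.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Bytes strcpy() actually writes: the characters plus the trailing '\0'.
 * For "AAAAAAAAAA" this is 11, not 10, so even a 10-byte buffer would be
 * too small; the 5-byte buffer in the original func() is overrun by 6. */
size_t bytes_strcpy_writes(const char *p)
{
    return strlen(p) + 1;
}

/* Bounded replacement for func(): copies p into dst only if it fits,
 * always leaves dst NUL-terminated, and returns 1 on success or 0 when
 * the input would have overrun the buffer (the case the original hits).
 * On 0 the copy is truncated rather than allowed to spill past dst. */
int copy_checked(char *dst, size_t dst_size, const char *p)
{
    size_t need = bytes_strcpy_writes(p);
    if (dst_size == 0)
        return 0;
    if (need > dst_size) {
        memcpy(dst, p, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return 0;
    }
    memcpy(dst, p, need);
    return 1;
}

int main(void)
{
    char i[5];
    const char *arg = "AAAAAAAAAA"; /* the ten A's from the original post */
    printf("strcpy() would write %zu bytes into a %zu-byte buffer\n",
           bytes_strcpy_writes(arg), sizeof i);
    if (!copy_checked(i, sizeof i, arg))
        printf("copy refused and truncated: i = \"%s\"\n", i);
    return 0;
}
```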