Talk:Buffer overflow

From LQWiki

Isn't, as malloc says, char str[20]; equivalent to char *str = malloc(sizeof(char)*20);

and pointers are stored on the heap, not on the stack? And maybe the exception does not come from an invalid return address, but from the program running in an underprivileged ring? ThorstenStaerk

cat <<EOF > stack_test.c
int main(void)
{
  int w;
  //char myBuf[20];
}
EOF

sed <stack_test.c 's|//char|char|' >stack_test_with_array.c

[c 1]$ diff <(gcc -S stack_test.c -o -) <(gcc -S stack_test_with_array.c -o -)
1c1
<       .file   "stack_test.c"
---
>       .file   "stack_test_with_array.c"
8c8
<       subl    $8, %esp
---
>       subl    $56, %esp
48 more bytes have been reserved on the stack with stack_test_with_array.c. Questynux 14:28, January 19, 2007 (EST)

Good example - thanks. User:ThorstenStaerk 20:55, January 19, 2007 (CET)
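To complement the assembly diff above, here is an added example (not part of the original discussion, and not code from either poster) that shows the same point from inside C: an array declared as char str[20]; reserves its 20 bytes in the function's own stack frame, whereas char *str = malloc(...); reserves only the pointer (sizeof(char *) bytes) in the frame and puts the 20 bytes in the heap, which must be freed explicitly. The address-distance functions assume a conventional layout where the stack and the malloc heap are separate regions far apart (true on ordinary Linux/glibc builds); the 4096-byte threshold is a constructed illustration value, not a rule.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

/* Bytes that `char str[20];` reserves in the current stack frame:
   the whole buffer lives in this frame and is gone when the function returns. */
size_t array_footprint(void)
{
    char str[20];
    return sizeof str;   /* 20 */
}

/* Bytes that `char *str = malloc(20);` reserves in the current stack frame:
   only the pointer; the 20 bytes it refers to are on the heap. */
size_t pointer_footprint(void)
{
    char *str = malloc(20);
    size_t n = sizeof str;   /* sizeof(char *), not 20 */
    free(str);               /* heap memory must be released explicitly */
    return n;
}

/* Absolute distance between two addresses, in bytes. */
static uintptr_t distance(const void *a, const void *b)
{
    uintptr_t x = (uintptr_t)a, y = (uintptr_t)b;
    return x > y ? x - y : y - x;
}

/* Two locals in the same frame (an int and a char[20]) sit a few bytes apart.
   volatile keeps the compiler from optimising the objects away. */
uintptr_t local_to_local_distance(void)
{
    volatile int w = 0;
    volatile char buf[20];
    buf[0] = (char)w;
    return distance((const void *)&w, (const void *)buf);
}

/* A local and a malloc'd block live in different regions, so the distance
   is large (assumption: separate stack and heap regions, as on Linux/glibc). */
uintptr_t local_to_heap_distance(void)
{
    volatile int w = 0;
    char *heap = malloc(20);
    if (heap == NULL)
        return 0;
    uintptr_t d = distance((const void *)&w, heap);
    free(heap);
    return d;
}

int main(void)
{
    printf("char str[20]        reserves %zu bytes in the frame\n", array_footprint());
    printf("char *str = malloc  reserves %zu bytes in the frame\n", pointer_footprint());
    printf("local-to-local distance: %lu bytes\n", (unsigned long)local_to_local_distance());
    printf("local-to-heap  distance: %lu bytes\n", (unsigned long)local_to_heap_distance());
    return 0;
}
```

Compile with gcc -O0 to keep the frame layout readable; the two footprint values are what the subl $8 versus subl $56 difference in the diff reflects (the extra reservation is larger than 20 because the compiler aligns the frame), and the distance values make visible that the array, unlike the malloc'd block, shares the frame with the function's other locals and its saved return address.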