http://gcc.gnu.org/bugzilla/show_bug.cgi?id=56046
Bug #: 56046
Summary: the buffer overflow can escape from the stack
protection in 64-bit linux system
Classification: Unclassified
Product: gcc
Version: 4.6.3
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
AssignedTo: unassig...@gcc.gnu.org
ReportedBy: ws0...@qq.com
Created attachment 29219
--> http://gcc.gnu.org/bugzilla/attachment.cgi?id=29219
the bug code
system version :64-bit Ubuntu 12.04 lts
gcc version: 4.6.3
options:gcc source.c -o source
When compile and run a program with an error which will cause buffer
overflow,the compiler can not dectect it.
The program below can compile and run correctly in my system(also works on my
friend system which is no ubuntu but with gcc version 4.5.0)
#include <stdio.h>
#include <string.h>
main()
{
const char *a="123456789abcdef";
char b[10];
int i=0;
while((b[i]=a[i])!='\0')
++i;
printf("%s,%d\n",b,strlen(b));
return 0;
}
I attempt to copy a string whose length is 15 to a array whose length is 10,and
it compiles and run correctly.The output is "123456789abcdef,15".
p.s. This will not succeed in 32-bit linux system.
