El 11/04/2010 9:06, patrick keshishian escribis:
On Sat, Apr 10, 2010 at 11:37 PM, Jesus Sanchez<zexe...@gmail.com> wrote:
i don't think so. Use gdb and see where you are writing to.
Based on your description of your a.c and b.c, I assume in a.c you
have "char foo;" (global), and in b.c you by mistake have "extern int
foo;".
If your foo variable is at address, say 0x11111111, and you write two
bytes to that address, where foo is in fact a char (single byte), the
other byte will be written to address 0x11111112.
You can test this with a simple example program, where you can declare
other char variables around your foo variable and print all of them
after the foo assignment and see which ones got clobbered.
Then again, maybe I'm misunderstanding your initial problem, you
didn't show your code.
--patrick
Breakpoint 1, main (argc=1, argv=0xfffc8c8c) at a.c:30
30 bar();
(gdb) p&f
$1 = (int *) 0x1842116
(gdb) x/4b 0x1842116
0x1842116<f>: 0x00 0x00 0x00 0x00
bar () at b.c:14
14 f = 0x44332211;
(gdb) n
16 }
(gdb) x/4b 0x1842116
0x1842116<f>: 0x44 0x33 0x22 0x11
(gdb) p&g
$2 = 0x1842117 "3\"\021"
(gdb) p&k
$3 = 0x1842119 "\021"
(gdb) p&l
$4 = 0x1842118 "\"\021"
(gdb) p/x f
$13 = 0x44332211
(gdb) p/x g
$14 = 0x33
(gdb) p/x l
$15 = 0x22
(gdb) p/x k
$16 = 0x11
Looks like the "extern int foo;" confused gdb.
I'm not using extern for the variables,
I assumed you were.
Looking at the code you provided, my initial guess would have been
that foo in b.c and the one declared in a.c would have caused the
linker to complain, but I am wrong.
So, in fact, it looks like the section you found and quoted is the answer.
Declarations and definitions are very tricky for sure, i mean if you
define the foo vars
instead of just declaring them, for example doing a initialization for
all foo vars on a.c:
char foo=5;
char foo1=5;
char foo2=5;
char foo3=5;
then the thing changes drastically because now they have 0xXXX0, 0xXXX1,
0xXXX2, 0xXXX3 addresses, so on overfoo() function you're doing one
perfect example of buffer overflow, even you can try assigning 0x44332211 to
foo on 'b.c' and print them later, it will show something like
foo value is: 0x11
foo1 value is: 0x22
foo2 value is: 0x33
foo3 value is: 0x44
maybe i didn't explained myself very well, you can try to print the
addresses
of the foo vars with and without definition.
see ya.
-J
I learned something today :)
--patrick
anyway
here is the code (to a extremely basic level) using your hint about
making more char variables around foo to show them later:
all compiled with gcc -Wall -W without warning
---------- a.c ------------------------------------------
#include<stdio.h>
char foo;
char foo1;
char foo2;
char foo3;
void overfoo(); /* the func that will overflow the foo variable */
int main(){
overfoo(); /* after calling we have 0x2211 on foo variable */
printf("%x\n",foo);
printf("%x\n",foo1);
printf("%x\n",foo2);
printf("%x\n",foo3);
return 0;
}
---------- b.c ------------------------------------------
int foo; /* here the problem begins */
void overfoo(){
foo=0x2211;
}
---------------------------------------------------------------
after compiling and executing , foo showed 0x11 and other 0x0.
thanks for your time.
-J
