缓冲区溢出

缓冲区溢出

关注
发信
关注(28)粉丝(399)

c++ - 为什么 GCC 不会发生缓冲区溢出?

我刚刚在学习缓冲区溢出。我试图使用 GCC 复制它。这是我写的代码。

#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[])
{
    int value = 5;
    char buffer_one[8], buffer_two[8];

    strcpy(buffer_one, "one");
    strcpy(buffer_two, "two");

    printf("[BEFORE] buffer_two is at %p and contains %s\n", buffer_two, buffer_two);
    printf("[BEFORE] buffer_one is at %p and contains %s\n", buffer_one, buffer_one);
    printf("[BEFORE] value is at %p and contains %d\n\n", value, value);

    printf("[STRCPY] copying %d bytes into buffer_two\n\n", strlen(argv[1]));
    strcpy(buffer_two, argv[1]);

    printf("[BEFORE] buffer_two is at %p and contains %s\n", buffer_two, buffer_two);
    printf("[BEFORE] buffer_one is at %p and contains %s\n", buffer_one, buffer_one);
    printf("[BEFORE] value is at %p and contains %d\n\n", value, value);

    return 0;
}

看起来它应该工作,对吧? Buffer_two 和 buffer_one 在内存中彼此相邻。
[BEFORE] buffer_two is at 0x7fff56ff2b68 and contains two
[BEFORE] buffer_one is at 0x7fff56ff2b70 and contains one
[BEFORE] value is at 0x5 and contains 5

然而,不久之后……
[STRCPY] copying 14 bytes into buffer_two

Abort trap: 6

C怎么会认识到这一点?一些黑客如何执行更复杂的实际有效的缓冲区溢出?

最佳答案

在您的情况下,您通过尝试在 14 char s 的内存区域中写入 8 char s 成功地产生了缓冲区溢出。

一旦你写过分配的内存,行为就会变得未定义。所以,Abort 消息就在那里。

相关: undefined behaviour

关于c++ - 为什么 GCC 不会发生缓冲区溢出?,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/30485224/

10-12 03:21
Powered by LMLPHP ©2024 缓冲区溢出 0.030353