Stack corruption due to array bound overwrite - Programmers Heaven


Stack corruption due to array bound overwrite

deathdeath hell, Posts: 1, Member

Hi,

I am trying to write a program where because of overwriting an array beyond its limit, the next stack memory gets modified. 

#include <stdio.h>
#include <string.h>   /* memcpy */

int main(void) {

 char str[5];
 unsigned int a = 10000;
 unsigned int ipaddr2 = 3774939393;
 unsigned int ipaddr1[2] = {3774939393, 5678};

 memcpy(&str, &ipaddr2, sizeof(int));      /* 4 bytes into a 5-byte buffer: fits */
 printf("%u\n", a);
 a = a + 1;
 memcpy(&str, &ipaddr1, 2 * sizeof(int));  /* 8 bytes into a 5-byte buffer: overruns str by 3 bytes */
 printf("%u\n", a);

 return 0;
}

I was expecting that "memcpy(&str, &ipaddr1, 2 * sizeof(int))" writes 8 bytes and therefore corrupts "int a". However, the second printf shows the correct value. Why is it not crashing, or why is it not showing a corrupt value for a?

./a.out

10000 10001

Thanks

Comments

  • tienkhoanguyen hou, Posts: 158, Member

    a is a variable and has nothing to do with memcpy. It is independent and you have not done anything with a. I do not know how your particular computer maps or stores the variable 'a' so I can only tell you that unless it is a pointer to an address of a memory area it will not make any difference. It is safe.

  • tienkhoanguyen hou, Posts: 158, Member

    Jesus Christ! hehe I am just a nobody. In more advanced programming classes, you learn about direct memory access. At the most advanced stages of programming, you can access all areas of the memory. However, doing so is not usually advantageous unless you are doing very fast operations like graphics movements. An example of the fastest access to a graphics memory direct access is raster interrupt programming. This is just for those of you who are thinking about programming a game in the future. Anyways, raster interrupt is a state when you catch a raster scan line across the screen. It goes so fast that you might be able to see glimpses of updates going all the way down. Anyways, these are advanced topics which are possible in C. I grew up programming in Basic and Assembly and it was a long time ago. So I am only just getting back with C. Borland Turbo C 2.01 hint hint (aside joke).

  • deathdeath hell, Posts: 1, Member

    Why not? str[5] takes 5 bytes, and 'a' comes after that. So via memcpy, if I write 8 bytes of data on str, then that should overwrite the value of 'a' also, right?

  • tienkhoanguyen hou, Posts: 158, Member

    I do not know. Each character is 1 byte. This means it can hold a value from 0 to 255 for the first character. 2^(8*5) equals 2^40. Anyways, if you overwrite a 5 byte character with an 8 byte character, you have to know how your particular computer stores the values. If it stored 'a' right after the 5 byte then it should overwrite it. So 'yes' you are right if that is the case. However, in this instance, it seems the variable 'a' is stored somewhere else other than immediately right after where it stores str.
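The thread's open question is whether `a` really sits right after `str`. C does not promise any ordering of locals, so the way to find out is to measure it rather than assume it. The program below is an added example, not code from the original post: it reports the actual distance between `str` and `a` in the running process, decides whether an 8-byte write into `str` would reach `a`, and shows the bounded copy that prevents the overrun in the first place. The helper names (`bytes_until`, `write_reaches`, `bounded_copy`) are mine.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Byte offset from the start of `dst` to the start of `other`, or -1 when
 * `other` lies below `dst` (a forward write from dst can never reach it). */
long bytes_until(const void *dst, const void *other) {
    uintptr_t d = (uintptr_t)dst, o = (uintptr_t)other;
    return o >= d ? (long)(o - d) : -1;
}

/* Would an n-byte write starting at `dst` touch the object at `other`? */
int write_reaches(const void *dst, size_t n, const void *other) {
    long off = bytes_until(dst, other);
    return off >= 0 && (size_t)off < n;
}

/* Bounded replacement for the unchecked memcpy into str: refuse the copy
 * instead of spilling past the end of the destination buffer. */
int bounded_copy(char *dst, size_t dst_size, const void *src, size_t n) {
    if (n > dst_size) return -1;
    memcpy(dst, src, n);
    return 0;
}

int main(void) {
    char str[5];
    unsigned int a = 10000;
    unsigned int ipaddr1[2] = {3774939393u, 5678};

    /* Where the compiler placed str and a is not something C guarantees;
     * print the measured distance instead of assuming adjacency. */
    printf("str at %p, a at %p, offset %ld bytes\n",
           (void *)str, (void *)&a, bytes_until(str, &a));
    printf("an 8-byte write into str %s reach a\n",
           write_reaches(str, 2 * sizeof(int), &a) ? "would" : "would not");

    /* The fix: check the size before copying. */
    if (bounded_copy(str, sizeof str, ipaddr1, 2 * sizeof(int)) != 0)
        printf("copy of %zu bytes refused: str holds only %zu\n",
               2 * sizeof(int), sizeof str);
    return 0;
}
```

Whatever the measured layout turns out to be, the original 8-byte memcpy is still an out-of-bounds write; building the original program with `-fsanitize=address` (GCC or Clang) makes it report that stack-buffer-overflow at run time even when `a` happens to survive.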
