Re: Studying buffer overflows [maybe OT]

[Eric LeBlanc <inouk () toutatis igt net>]

When you don't pass parameters (ie: f(1)), you must add 4 of more in
addition to pointing to the return address. (even if you have 2, 3 or more
of parameters, it's alway 4)

Here the code:

void
f()
{
  char a[4];
  int *b;

  b = a + 12;
  *b += 0x8;
}

void
main()
{
  int x;

  x = 0;
  f();

  x = 1;

  printf("%d\n", x);
}

To know why, read the dissassembler code from gdb, the answer is in here
:-)

Eric

  


On Mon, 8 Apr 2002, darko wrote:

> Hi all,
>
> I've started to study buffer overflows. I wrote the following code:
>
> void f() {
>         char a[4];
>         int *b;
>         b =  a + 0x8;
>         (*b) += 0x8;
> }
>
> main() {
>         int x;
>         x = 0;
>         f();
>         x = 1;
>         printf("%d\n", x);
> }
>
> I want, after the call to f(), the program jump to printf() so the value of x 
> should remain 0, not 1. I always get segmentation faults, bus errors, etc. 
> and never that fuc*ing "x = 0" !!
> Tested on a Celeron 433, red hat 7.2, gcc 2.96.
>
> byez
> darko