Vulnerability Development mailing list archives
Re: Studying buffer overflows [maybe OT]
From: Jan Kluka <kluka () ii fmph uniba sk>
Date: Tue, 9 Apr 2002 09:39:43 +0200
Hi, darko,

~/tmp/qqq$ cat > qqq.c
void f() {
  char a[4];
  int *b;
  b = a + 0x8;
  (*b) += 0x8;
}
main() {
  int x;
  x = 0;
  f();
  x = 1;
  printf("%d\n", x);
}
~/tmp/qqq$ gcc -c qqq.c
qqq.c: In function `f':
qqq.c:4: warning: assignment from incompatible pointer type
~/tmp/qqq$ objdump -d qqq.o

qqq.o:     file format elf32-i386

Disassembly of section .text:

00000000 <f>:
   0:   55                      push   %ebp
(...)

00000020 <main>:
  20:   55                      push   %ebp
  21:   89 e5                   mov    %esp,%ebp
  23:   83 ec 18                sub    $0x18,%esp
  26:   c7 45 fc 00 00 00 00    movl   $0x0,0xfffffffc(%ebp)
  2d:   e8 fc ff ff ff          call   2e <main+0xe>
  32:   c7 45 fc 01 00 00 00    movl   $0x1,0xfffffffc(%ebp)
        1  2  3  4  5  6  7
(...)

The movl instruction you try to skip is 7, not 8, bytes long.
The fourth line of f() should read:

  (*b) += 7;

Regards,
JKl'

On Mon, Apr 08, 2002 at 11:21:01PM +0200, darko wrote:
Hi all,

I've started to study buffer overflows. I wrote the following code:

#include <stdio.h>

void f() {
  char a[4];
  int *b;
  b = a + 0x8;
  (*b) += 0x8;
}
main() {
  int x;
  x = 0;
  f();
  x = 1;
  printf("%d\n", x);
}

I want, after the call to f(), the program to jump to printf() so the value of x should remain 0, not 1. I always get segmentation faults, bus errors, etc. and never that fuc*ing "x = 0" !!

Tested on a Celeron 433, red hat 7.2, gcc 2.96.

byez
darko
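The reply above settles the question by counting the bytes of one instruction by hand. The script below, an added example that is not code from either poster, does the same check mechanically over the text that `objdump -d` prints: it parses each instruction's address and encoded length, computes the return address a CALL pushes, and reports whether return address plus some delta lands on an instruction boundary or in the middle of one, which is why a delta of 8 instead of 7 produces the crashes darko describes. The listing embedded in it is the main() disassembly from the thread; the instruction at 0x39 is constructed for illustration, since the original listing is elided after 0x32. The parser also handles objdump's wrapped byte rows for instructions longer than seven bytes, which this listing does not contain.

```python
"""Locate where a patched return address lands, using `objdump -d` output.

Added example for the thread above (not code from any poster). It parses the
listing that objdump prints and answers the question the reply settles by
hand: after adding N to the return address pushed by a CALL, does execution
resume at the start of an instruction or in the middle of one?
"""
from __future__ import annotations

from dataclasses import dataclass

# The main() listing from the thread. The instruction at 0x39 is CONSTRUCTED
# (the original listing is elided after 0x32) so that a landing past the
# 7-byte movl has something to fall into.
SAMPLE_LISTING = """\
00000020 <main>:
  20:\t55                   \tpush   %ebp
  21:\t89 e5                \tmov    %esp,%ebp
  23:\t83 ec 18             \tsub    $0x18,%esp
  26:\tc7 45 fc 00 00 00 00 \tmovl   $0x0,0xfffffffc(%ebp)
  2d:\te8 fc ff ff ff       \tcall   2e <main+0xe>
  32:\tc7 45 fc 01 00 00 00 \tmovl   $0x1,0xfffffffc(%ebp)
  39:\t83 ec 08             \tsub    $0x8,%esp
"""


@dataclass
class Insn:
    addr: int      # address of the first byte
    length: int    # encoded length in bytes
    text: str      # mnemonic and operands as printed by objdump


def parse_objdump(listing: str) -> list[Insn]:
    """Parse `objdump -d` text into instructions with their byte lengths.

    Each instruction line is `addr:<TAB>hex bytes<TAB>mnemonic`. Symbol
    headers such as `00000020 <main>:` have no tab and are skipped. When an
    instruction is longer than seven bytes objdump wraps the remaining bytes
    onto a following line with no mnemonic; those bytes are added to the
    preceding instruction's length.
    """
    insns: list[Insn] = []
    for line in listing.splitlines():
        parts = line.split("\t")
        head = parts[0].strip()
        if len(parts) < 2 or not head.endswith(":"):
            continue
        nbytes = len(parts[1].split())
        text = parts[2].strip() if len(parts) > 2 else ""
        if text == "" and insns:
            insns[-1].length += nbytes       # continuation of the previous insn
            continue
        insns.append(Insn(int(head[:-1], 16), nbytes, text))
    return insns


def containing(insns: list[Insn], addr: int) -> Insn | None:
    """Return the instruction whose bytes cover `addr`, or None if unlisted."""
    for insn in insns:
        if insn.addr <= addr < insn.addr + insn.length:
            return insn
    return None


def return_address(insns: list[Insn], call_addr: int) -> int:
    """Address a CALL at `call_addr` pushes: the byte right after it."""
    call = containing(insns, call_addr)
    if call is None or call.addr != call_addr or not call.text.startswith("call"):
        raise ValueError(f"no call instruction at {call_addr:#x}")
    return call.addr + call.length


def classify_landing(insns: list[Insn], call_addr: int, delta: int):
    """Where does execution resume if `delta` is added to the CALL's return
    address? Returns (target, verdict, instruction-or-None); verdict is
    'boundary', 'mid-instruction' or 'outside-listing'."""
    target = return_address(insns, call_addr) + delta
    hit = containing(insns, target)
    if hit is None:
        return target, "outside-listing", None
    if hit.addr == target:
        return target, "boundary", hit
    return target, "mid-instruction", hit


if __name__ == "__main__":
    insns = parse_objdump(SAMPLE_LISTING)
    ret = return_address(insns, 0x2D)
    print(f"return address after the call: {ret:#x}")
    print(f"length of the instruction there: {containing(insns, ret).length} bytes")
    for delta in (8, 7):
        target, verdict, hit = classify_landing(insns, 0x2D, delta)
        where = f"inside '{hit.text}' at {hit.addr:#x}" if hit else "no listed instruction"
        print(f"ret+{delta} = {target:#x}: {verdict} ({where})")
```

Run against the listing, it reports the return address 0x32, a 7-byte instruction there, ret+7 = 0x39 on a boundary and ret+8 = 0x3a mid-instruction; the CPU then decodes from the second byte of an instruction, which is what the segmentation faults and bus errors in the original post look like from the outside. The same check is handy when teaching this material with a different compiler or optimization level, because instruction lengths change and hand-counted offsets stop being portable.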
Current thread:
- Studying buffer overflows [maybe OT] darko (Apr 08)
- Re: Studying buffer overflows [maybe OT] circut (Apr 09)
- Re: Studying buffer overflows [maybe OT] Larry W. Cashdollar (Apr 09)
- Re: Studying buffer overflows [maybe OT] Jason Barbour (Apr 09)
- Re: Studying buffer overflows [maybe OT] Syzop (Apr 09)
- Re: Studying buffer overflows [maybe OT] Guillaume Morin (Apr 09)
- Re: Studying buffer overflows [maybe OT] Eric LeBlanc (Apr 09)
- Re: Studying buffer overflows [maybe OT] nocon (Apr 10)
- Re: Studying buffer overflows [maybe OT] Jan Kluka (Apr 09)
- Re: Studying buffer overflows [maybe OT] SpaceWalker (Apr 09)
- Re: Studying buffer overflows [maybe OT] Matthew Kauffman (Apr 09)
- Re: Studying buffer overflows [maybe OT] Rafal Rajs (Apr 09)
- Re: Studying buffer overflows [maybe OT] Eric LeBlanc (Apr 09)
- <Possible follow-ups>
- Re: Studying buffer overflows [maybe OT] Nasko Oskov (Apr 09)
- Re: Studying buffer overflows [maybe OT] brien mac (Apr 10)
- Re: Studying buffer overflows [maybe OT] circut (Apr 09)