[英]Why doesn't buffer overflow occur with GCC?
I was just recently learning about buffer overflows. 我刚刚学习缓冲区溢出。 I was attempting to replicate it using GCC.
我试图使用GCC复制它。 Here's the code I wrote.
这是我写的代码。
#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[])
{
int value = 5;
char buffer_one[8], buffer_two[8];
strcpy(buffer_one, "one");
strcpy(buffer_two, "two");
printf("[BEFORE] buffer_two is at %p and contains %s\n", buffer_two, buffer_two);
printf("[BEFORE] buffer_one is at %p and contains %s\n", buffer_one, buffer_one);
printf("[BEFORE] value is at %p and contains %d\n\n", value, value);
printf("[STRCPY] copying %d bytes into buffer_two\n\n", strlen(argv[1]));
strcpy(buffer_two, argv[1]);
printf("[BEFORE] buffer_two is at %p and contains %s\n", buffer_two, buffer_two);
printf("[BEFORE] buffer_one is at %p and contains %s\n", buffer_one, buffer_one);
printf("[BEFORE] value is at %p and contains %d\n\n", value, value);
return 0;
}
Seems like it should work, right? 好像它应该工作,对吗? Buffer_two and buffer_one are adjacent from each other in memory.
Buffer_two和buffer_one在内存中彼此相邻。
[BEFORE] buffer_two is at 0x7fff56ff2b68 and contains two
[BEFORE] buffer_one is at 0x7fff56ff2b70 and contains one
[BEFORE] value is at 0x5 and contains 5
However, shortly following this… 然而,在此之后不久......
[STRCPY] copying 14 bytes into buffer_two
Abort trap: 6
How come C recognizes this? C怎么认识到这个? And how can some hackers execute more complex buffer overflows that actually work?
一些黑客如何执行实际工作的更复杂的缓冲区溢出?
In your case, you've successfuly produced a buffer overflow by attempting to write 14
char
s in a memory region of 8
char
s. 在您的情况下,您通过尝试在
8
char
的内存区域中写入14
char
,成功地产生了缓冲区溢出。
As soon as you write past the allocated memory, the behaviour goes undefined. 一旦您写入已分配的内存,行为将不确定。 So, the
Abort
message is there. 所以,
Abort
消息就在那里。
Related: undefined behaviour . 相关: 未定义的行为 。
Why doesn't buffer overflow occur with GCC?
为什么GCC不会发生缓冲区溢出?
Well, it is happenning in your case. 嗯,这种情况正好发生在你的情况下。 That's why, as a side effect you can see the Abort message.
这就是为什么,作为副作用,您可以看到中止消息。
What happens when a buffer overflow occurs is undefined . 发生缓冲区溢出时未完成的情况 。 That means that anything might happen.
这意味着任何事情都可能发生。 For instance, demons may fly from your nose .
例如, 恶魔可能会从你的鼻子飞出来 。
What happened here is that your program crashed. 这里发生的事情是你的程序崩溃了。 Rather boring.
我宁愿无聊的待着。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.