
Stack protector works with strcpy() example but not gets() example

I am testing the GCC stack protector. When I overflow the buffer with an insecure strcpy() function, the stack protector detects what I'm doing and throws the following exception:

*** stack smashing detected ***: ./a.out terminated
Aborted (core dumped)

When I do the same thing with an insecure gets() function, I get a segmentation fault instead.

segmentation fault: 11

Why is this happening? What is the difference between these two cases? Here is the sample code I have been using.

gets() example

#include <stdio.h>
#include <string.h>
#include <math.h>
#include <stdlib.h>
#include <stdbool.h>

void say_hello (void);

int main (){

        printf("Enter your name\n");
        say_hello();
        return 0;
}

void say_hello (void) {

        char name[5];
        gets(name); // unsafe: gets() has no length bound, so a line longer than 4 characters overflows name[5] on the stack
        printf("Hello %s\n", name);

}

strcpy() example

#include <stdio.h>
#include <string.h>

int main(int argc, char** argv){

        char buffer [5];
        strcpy(buffer,argv[1]); // unsafe: no bound check, argv[1] longer than 4 characters overflows buffer[5]

        return 0;
}

According to the documentation, strcpy() can cause overflow errors, because no check is made whether the data will fit in the new array or not. The outcome of this overflow may sometimes never be noticed; it all depends on where the data is written. However, a common outcome is heap and/or memory corruption.

A safe alternative to strcpy() is strcpy_s(), which also requires the size of the array.

The same is valid for gets() or fgets(); any of these outcomes are possible:

  • No visible effect whatsoever
  • Immediate program termination (a crash)
  • Termination at a later point in the program's lifetime (maybe 1 second later, maybe 15 days later)
  • Termination of another, unrelated program
  • Incorrect program behaviour and/or calculation ... and the list goes on. This is the problem with "buffer overflow" bugs: you just can't tell when and how they'll bite you.

You can read more here. However, your chance of smashing the stack increases if you have many nested calls to other functions (as in your first case).

To conclude, in your situation it just happens to be so, because of their undefined behavior when an overflow occurs.
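The answer above recommends bounded replacements for strcpy() and gets() but shows none. The following is an added example, not code from the question or the answer: it pairs a bounded copy with a bounded line reader, using the same 5-byte buffers as the original programs. strcpy_s() comes from the optional C11 Annex K and is not provided by glibc, so bounded_copy() below is a hand-written equivalent built on strnlen() and memcpy(). bounded_gets() wraps fgets() and handles the case fgets() alone does not: when a line is longer than the buffer, it drains the leftover characters so the next read does not start in the middle of the old line, and it reports the truncation. fmemopen() (POSIX) is used only to feed a constructed input string; all function and variable names here are my own.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Copy src into dst without ever writing past dst[dstsize-1], and always
   NUL-terminate. Returns true if the whole string fit, false if truncated.
   This stands in for strcpy_s(), which glibc does not ship. */
bool bounded_copy(char *dst, size_t dstsize, const char *src) {
    if (dstsize == 0) return false;
    size_t n = strnlen(src, dstsize);      /* scan at most dstsize bytes */
    if (n == dstsize) {                    /* src does not fit: keep dstsize-1 bytes */
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return false;
    }
    memcpy(dst, src, n + 1);               /* n+1 includes the terminator */
    return true;
}

/* Read one line into buf (at most size-1 characters), strip the newline,
   and discard the rest of an overlong line so the stream is positioned at
   the start of the next line. Returns 1 for a complete line, 0 if the line
   was truncated, -1 on EOF with nothing read. */
int bounded_gets(char *buf, size_t size, FILE *in) {
    if (size == 0 || fgets(buf, (int)size, in) == NULL) return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {  /* whole line fit, newline included */
        buf[len - 1] = '\0';
        return 1;
    }
    /* No newline in buf: the line was longer than size-1 characters, or the
       input ended without a newline. Drain to end of line, noting whether
       any non-newline characters were thrown away. */
    bool truncated = false;
    int c;
    while ((c = fgetc(in)) != EOF && c != '\n') truncated = true;
    return truncated ? 0 : 1;
}

/* Constructed input for the demo: the first name is one byte too long for
   a 5-byte buffer, the second fits. Not real user data. */
static char demo_input[] = "Alice\nBob\n";

/* Run bounded_gets() over demo_input with 5-byte buffers, exactly like
   name[5] in the original say_hello(). Fills names[] and status[] and
   returns how many lines were read, so the result can be checked. */
int demo_lines(char names[2][5], int status[2]) {
    FILE *in = fmemopen(demo_input, sizeof demo_input - 1, "r");
    if (in == NULL) return -1;
    int n = 0;
    while (n < 2 && (status[n] = bounded_gets(names[n], sizeof names[n], in)) != -1)
        n++;
    fclose(in);
    return n;
}

int main(void) {
    char names[2][5];
    int status[2];
    int n = demo_lines(names, status);
    for (int i = 0; i < n; i++)
        printf("read \"%s\" (%s)\n", names[i], status[i] == 1 ? "complete" : "truncated");

    char buffer[5];
    bool fit = bounded_copy(buffer, sizeof buffer, "Alice");
    printf("copied \"%s\" (%s)\n", buffer, fit ? "fit" : "truncated");
    return 0;
}
```

Both helpers take the destination size explicitly (sizeof on the array, not on a pointer to it), which is the property strcpy() and gets() lack. Whether you compile with or without -fstack-protector, neither call can write past the end of the 5-byte buffers; the stack protector only reports an overflow that has already happened, so it is a safety net, not a fix.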
