缓冲区溢出的分段错误

Question

I am having trouble to run this c code. When I do i get segmentation fault and an error with 'return' return 0xdeadbeef;

Anyone have any suggestions?

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int lame(unsigned int size, unsigned int value){

unsigned int array1[4];
unsigned int array2[6];
array2[5] = value;
memcpy(&array1, &array2, size * sizeof(unsigned int));

return 1;
}

void awesome(){
printf("awwwwwww yeaaahhhhh! All awesome, all the time!\n");
}

main(unsigned int argc, char ** argv){
unsigned int size, value;
size = strtoul(argv[1], 0, 10);
value = strtoul(argv[2], 0, 16);

if(!lame(size, value)){
    awesome();
}
else{
    printf("I am soooo lame :(\n");
}

return 0xdeadbeef;
}

Answer 1

I said that there was "at least one bug on almost every line of your code" and now I will list them. If I don't have any comments on a line, there are no bugs on that line, but you also need to read up on proper code formatting and style.

int lame(unsigned int size, unsigned int value){
unsigned int array1[4];
unsigned int array2[6];
array2[5] = value;
memcpy(&array1, &array2, size * sizeof(unsigned int));
return 1;
}

Undefined behavior on the memcpy line if size is larger than 4. Since size is taken from user input, this program contains a buffer overflow vulnerability, albeit one that might be hard to exploit. (You need to read " Smashing the Stack for Fun and Profit .")

This function has no externally visible side effects. The compiler may, and probably will, delete all of its code except the return 1 .

Functions that always return the same constant value should be refactored to return void . Functions that are not used outside the current file should be declared static .

void awesome(){
printf("awwwwwww yeaaahhhhh! All awesome, all the time!\n");
}

This use of printf can be replaced by puts . Functions that are not used outside the current file should be declared static .

main(unsigned int argc, char ** argv){

The first argument to main must have type int , not unsigned int . The return type (which must be int , not void ) is missing; many compilers will tolerate this (treating it as implicitly returning int ) for backward compatibility with pre-C89 code, but it's still Wrong.

unsigned int size, value;
size = strtoul(argv[1], 0, 10);
value = strtoul(argv[2], 0, 16);

Both size and value should be unsigned long for consistency with what strtoul returns.

Undefined behavior if there are fewer than two command-line arguments.

Need to check both calls to strtoul for failure. This is nontrivial; read the EXAMPLES section of the OpenBSD manpage for strtoul to learn how to do it correctly .

However, props for using strtoul rather than atoi (which you can't check for failure) or sscanf (which has undefined behavior on integer overflow).

if(!lame(size, value)){
    awesome();
}
else{
    printf("I am soooo lame :(\n");
}

The compiler can and will determine that lame always returns 1, and optimize out the call to awesome . (In fact, it would be entitled to optimize out everything but the above printf , as all control flow paths either trigger undefined behavior or they reach this printf , and there are no other externally visible effects. The compilers I have readily to hand are not quite that clever, but they do remove the if-then-else and all the code inside lame .)

This use of printf can also be replaced by puts .

You will automatically become 23% less lame the moment you stop calling yourself lame.

return 0xdeadbeef;

The value returned by main is meaningful. 0 means success of the overall program, any other value means some sort of failure. Always return 0 unless you intend to indicate failure. Also, only values in the range [0, 127] can be reliably received by the parent process cross-platform; 0xdeadbeef is Right Out.

In your screenshot, main returned void instead of having a missing return type; that plus a return statement with a value should have caused the program to fail to compile . Your compiler might tolerate it in main , though.