Re: pass a local variable to a function

明亮 wrote:
Hi guys,

This is my first email in this list, any help is much appreciated.
As I know, it's not allowed to pass a local variable to a function,
because the stack where local variable resides will be reused by other
functions.
eg:
     1  #include <stdio.h>
     2  #include <stdlib.h>   /* for exit() */
     3  char *fetch();
     4
     5  int main(int argc, char *argv[]){
     6          char *string;
     7          string = fetch();
     8          printf("%s\n", string);
     9          exit(0);
    10  }
    11
    12  char *fetch(){
    13          char string[10];
    14          scanf("%s", string);
    15          return string;
    16  }

When the application is executed, after input "a", it will produce
unknown characters, like "8Šè¿ôÿO", which is what I expect.

However, if I change line 13 to:
    13           char string[1024];

When I type "a", it echoes "a", which is not what I expected.

Why does it behave like this?

Thanks in advance,
longapple
--
To unsubscribe from this list: send the line "unsubscribe linux-c-programming" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


Try something like this
------
#include <stdio.h>

void p(int n){
	int onstack;
	printf("%p\n", &onstack);
	if(n>0) p(n-1);
}

int main(){
	p(5);
	return 0;
}
------

It should (system dependent) print a sequence of decreasing hex numbers;
that's because each time you call a function on your computer, the local stack grows downwards.

When you scanf() into a character array, it writes into the first characters of your array, that is string[0], then string[1], and so on: notice that the address of string[1] is GREATER than the address of string[0]...

Summing up there are two cases (assume that X stands for "any value"):

1) string[10]
==> { X, X, X, X, X, X, X, X, '\0', 'a' }
2) string[1024]
==> { X, X, X, (long sequence of garbage)..., '\0', 'a' }

When you call printf(), the printf function overwrites some bytes for its own stack variables: if it takes more than 10 bytes (eg 42), the small array will be completely overwritten, while with the big array it will only overwrite string[1023...980] (which was garbage anyway!), leaving string[0...979] intact.

I hope that was helpful; try googling "buffer overflow" for more info


lb

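The thread above explains why the original fetch() "works" by accident: the returned pointer refers to stack memory that later calls are free to reuse, so any output is undefined behaviour no matter how large the array is. The following is an added example, not code from either poster, showing the two usual ways to hand a string back to a caller without returning a local: the caller owns the buffer (with a width in the scanf format so the read is bounded), or the callee allocates on the heap and the caller frees. The function names fetch_into and fetch_heap and the sample inputs are constructed for this illustration; sscanf over a string stands in for scanf() on stdin so it can run offline.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample inputs, standing in for what the user typed at scanf(). */
static const char SAMPLE_INPUT[] = "a";
static const char LONG_INPUT[] = "this-token-is-longer-than-nine-bytes";

/*
 * Pattern 1: the caller owns the storage and passes its size.
 * The callee writes into that buffer and returns the same pointer,
 * so nothing points at the callee's stack frame after it returns.
 * A width of dstsz-1 is put into the format ("%9s" for a 10-byte
 * buffer) so the read can never overflow; the original "%s" had no
 * such bound, which is the buffer-overflow risk the reply mentions.
 */
char *fetch_into(char *dst, size_t dstsz, const char *src)
{
    char fmt[16];

    if (dst == NULL || dstsz == 0)
        return NULL;

    /* Build "%<width>s"; snprintf escapes the literal % as %%. */
    snprintf(fmt, sizeof fmt, "%%%zus", dstsz - 1);

    if (sscanf(src, fmt, dst) != 1) {   /* no token (e.g. only whitespace) */
        dst[0] = '\0';
        return NULL;
    }
    return dst;
}

/*
 * Pattern 2: the callee allocates on the heap, which outlives its
 * stack frame. Ownership moves to the caller, who must free() it.
 * Copies the first whitespace-delimited token, exactly sized.
 */
char *fetch_heap(const char *src)
{
    size_t len = strcspn(src, " \t\n");   /* length of the first token */
    char *out = malloc(len + 1);

    if (out == NULL)
        return NULL;
    memcpy(out, src, len);
    out[len] = '\0';
    return out;
}

int main(void)
{
    char buf[10];   /* same size as the original char string[10] */

    /* Well-defined: buf lives in main's frame for the whole call. */
    if (fetch_into(buf, sizeof buf, SAMPLE_INPUT) != NULL)
        printf("%s\n", buf);            /* prints: a */

    /* The long token is truncated to 9 bytes instead of overflowing. */
    if (fetch_into(buf, sizeof buf, LONG_INPUT) != NULL)
        printf("%s\n", buf);            /* prints: this-toke */

    char *h = fetch_heap(LONG_INPUT);
    if (h != NULL) {
        printf("%s\n", h);
        free(h);                        /* caller releases heap storage */
    }
    return 0;
}
```

Either pattern makes the lifetime explicit in the function's signature, which is what the original fetch() lacked; a static buffer inside fetch() is a third option, but it is shared between calls and so not reentrant. Compiling with -Wall also reports "function returns address of local variable" for the original version, which is the cheapest check for this class of bug.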
