Re: pass a local variable to a function

Wow!!! learned a lot!!!. Thanks!!!
-Mingliang

On Wed, Mar 25, 2009 at 9:17 AM, Lorenzo Beretta <lory.fulgi@xxxxxxxxxxx> wrote:
> 明亮 wrote:
>>
>> Hi guys,
>>
>> This is my first email in this list, any help is much appreciated.
>> As I know, it's not allowed to pass a local variable to a function,
>> because the stack where local variable resides will be reused by other
>> functions.
>> eg:
>>     1  #include <stdio.h>
>>     2  #include <stdlib.h>
>>     3  char *fetch();
>>     4
>>     5  int main(int argc, char *argv[]){
>>     6          char *string;
>>     7          string = fetch();
>>     8          printf("%s\n", string);
>>     9          exit(0);
>>    10  }
>>    11
>>    12  char *fetch(){
>>    13          char string[10];
>>    14          scanf("%s", string);
>>    15          return string;
>>    16  }
>>
>> When the application is executed, after input "a", it will produce
>> unknown characters, like "8Šè¿ôÿO". Which is like what I expect
>>
>> However, if I change line 13 to:
>>    13           char string[1024];
>>
>> When I type "a", it echoes "a", which is out of my expectation
>>
>> Why does it behave like this?
>>
>> Thanks in advance,
>> longapple
>> --
>> To unsubscribe from this list: send the line "unsubscribe
>> linux-c-programming" in
>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>
>
> Try something like this
> ------
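> #include <stdio.h>
>
> void p(int n){
>        int onstack;
>        /* address of this call's local; each nested call gets its own frame */
>        printf("%p\n", (void *)&onstack);
>        if(n>0) p(n-1);
> }
>
> int main(){
>        p(5);
>        return 0;
> }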
> ------
>
> It should (system dependent) print a sequence of decreasing hex numbers;
> that's because each time you call a function on your computer, the local
> stack grows downwards.
>
> When you scanf() into a character array, it writes into the first characters
> of your array, that is string[0], then string[1], and so on: notice that the
> address of string[1] is GREATER than the address of string[0]...
>
> Summing up there are two cases (assume that X stands for "any value"):
>
> 1) string[10]
> ==> { X, X, X, X, X, X, X, X, '\0', 'a' }
> 2) string[1024]
> ==> { X, X, X, (long sequence of garbage)..., '\0', 'a' }
>
> When you call printf(), the printf function overwrites some bytes for its
> own stack variables: if it takes more than 10 bytes (eg 42), the small array
> will be completely overwritten, while with the big array it will only
> overwrite string[1023...980] (which was garbage anyway!), leaving
> string[0...979] intact.
>
> I hope that was helpful; try googling "buffer overflow" for more info
>
>
> lb
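
Added example, not part of the original thread: one way to rewrite `fetch()` so the word is read into storage that outlives the call, with the read bounded to the buffer size. The names `fetch_into`, `fetch_alloc` and `sample_input` are assumptions made for this example, and `sample_input` only builds constructed input in place of stdin.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Read one whitespace-delimited word into storage the CALLER owns.
 * The width in the format caps the write at size-1 chars plus '\0',
 * so a long word is truncated instead of overflowing the buffer. */
char *fetch_into(FILE *in, char *buf, size_t size)
{
    char fmt[32];

    if (in == NULL || buf == NULL || size < 2)
        return NULL;
    snprintf(fmt, sizeof fmt, "%%%zus", size - 1);   /* e.g. "%9s" */
    return fscanf(in, fmt, buf) == 1 ? buf : NULL;
}

/* Heap variant: the result outlives this call; the caller must free() it. */
char *fetch_alloc(FILE *in, size_t max_len)
{
    char *buf = malloc(max_len + 1);

    if (buf != NULL && fetch_into(in, buf, max_len + 1) == NULL) {
        free(buf);
        buf = NULL;
    }
    return buf;
}

/* Constructed sample input: a temporary file standing in for stdin. */
FILE *sample_input(const char *text)
{
    FILE *f = tmpfile();

    if (f != NULL) {
        fputs(text, f);
        rewind(f);
    }
    return f;
}

int main(void)
{
    char word[10];          /* lives in main's frame for the whole call */

    if (fetch_into(stdin, word, sizeof word) == NULL)
        return EXIT_FAILURE;
    printf("%s\n", word);
    return EXIT_SUCCESS;
}
```

Compiling the original `fetch()` with `gcc -Wall` reports the returned local address (`-Wreturn-local-addr`), which is a quick way to catch this pattern before it ships.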
