Linux Application Development — Michael K. Johnson, Erik W. Troan
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Five bytes of static storage.  main() deliberately copies the 6-byte
 * string "12345" (5 chars + NUL) into it and then writes to global[-1];
 * both accesses are out of bounds and are the point of the demo. */
char global[5];
/*
 * Deliberately broken demonstration program.  The in-code comments
 * ("overwrite", "attack", "walk past the beginning") make clear that the
 * out-of-bounds writes and the leak below are intentional: the program is
 * meant to be fed to a memory-debugging tool, not copied into real code.
 *
 * Every corrupting write is undefined behaviour.  What actually gets
 * clobbered (allocator bookkeeping, a saved register or return address,
 * a neighbouring global) depends on compiler, allocator and platform, so
 * the program may print garbage, appear to run fine, or crash.
 *
 * Byte accounting per numbered case (a C string of k chars needs k+1 bytes):
 *   1: malloc(6), "12345"    -> 6 bytes into 6: fits exactly, no overrun
 *   2: malloc(9), "12345678" -> 9 bytes into 9: fits exactly, no overrun
 *   3: dyn[-1] = '\0'        -> one byte before a heap block (UB)
 *   4: local[5], "12345"     -> 6 bytes into 5: one-byte stack overrun (UB)
 *   5: local[-1] = '\0'      -> one byte before a stack array (UB)
 *   6: global[5], "12345"    -> 6 bytes into 5: one-byte overrun of static data (UB)
 *   7: global[-1] = '\0'     -> one byte before a global (UB)
 *
 * NOTE(review): the comments on cases 1 and 2 say the heap buffers are
 * overrun, but with these sizes they are not -- the copies fit exactly.
 * An allocation smaller than the string (e.g. malloc(5)) is presumably
 * what was intended; confirm against the accompanying text.
 *
 * Neither malloc() result is checked, so a failed allocation would make
 * the following strcpy() dereference NULL.  The second heap block is never
 * freed (acknowledged inline) and is reported as a leak by design.
 *
 * Returns 0 if the process survives the corruption.
 */
int main(void) {
    char * dyn;
    char local[5];       /* 5 bytes; cases 4 and 5 write outside it */

    /* Case 1: intended as a small heap overrun.  As written, "12345" plus
     * its NUL is exactly 6 bytes, so this copy stays in bounds. */
    dyn = malloc(6);
    strcpy(dyn, "12345");
    printf("1: %s\n", dyn);
    free(dyn);

    /* Case 2: intended as a large heap overrun.  As written, "12345678"
     * plus its NUL is exactly 9 bytes, so this copy also stays in bounds. */
    dyn = malloc(9);
    strcpy(dyn, "12345678");
    printf("2: %s\n", dyn);

    /* Case 3: write one byte before the start of the heap block.  Out of
     * bounds (UB); on typical allocators this lands in per-block
     * bookkeeping, which is why tools flag it even though the program
     * usually keeps running. */
    *(dyn - 1) = '\0';
    printf("3: %s\n", dyn);
    /* dyn is intentionally not freed: a deliberate leak for the tool to report. */

    /* Case 4: copy 6 bytes (5 chars + NUL) into a 5-byte stack array --
     * a one-byte overrun of local (UB). */
    strcpy(local, "12345");
    printf("4: %s\n", local);
    /* Case 5: write one byte before the stack array (UB). */
    local[-1] = '\0';
    printf("5: %s\n", local);

    /* Case 6: copy 6 bytes into the 5-byte global -- one-byte overrun of
     * static storage (UB). */
    strcpy(global, "12345");
    printf("6: %s\n", global);

    /* Case 7: write one byte before the global (UB). */
    global[-1] = '\0';
    printf("7: %s\n", global);

    return 0;
}