Computer Systems Fundamentals Log No.6: Buffer Overflow Demonstration
I. Program, compilation/run, and assembly
1. Source program
/* Demonstration of buffer overflow */
#include <stdio.h>
#include <stdlib.h>

/* Implementation of library function gets() */
char *gets(char *dest)
{
    int c = getchar();
    char *p = dest;
    while (c != EOF && c != '\n') { /* no bound check: keeps writing past the end of dest */
        *p++ = c;
        c = getchar();
    }
    *p = '\0';
    return dest;
}

/* Read input line and write it back */
void echo()
{
    char buf[4]; /* Way too small! */
    gets(buf);
    puts(buf);
}

void call_echo()
{
    echo();
}

/*void smash()
{
    printf("I've been smashed!\n");
    exit(0);
}
*/

int main()
{
    printf("Type a string:");
    call_echo();
    return 0;
}
2. Compile and run
1> Result
lwh@lwh-virtual-machine:~$ gcc bufdemo.c -o bufdemo
lwh@lwh-virtual-machine:~$ ./bufdemo
(Enter digits of your own choice)
Type a string:0123
0123
lwh@lwh-virtual-machine:~$ ./bufdemo
Type a string:01234
01234
*** stack smashing detected ***: <unknown> terminated
已放弃 (核心已转储)
2> Analysis
The problem appears when 01234 is entered. After looking it up, I learned that this usually means the program has a memory-operation error and raises a SIGSEGV signal, producing a file named core in the working directory. Inspecting the program shows that char buf[4] is far too small: characters typed by the user easily exceed its bounds.
3> Assembly and the assembly listing
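To make the size arithmetic behind that analysis concrete, here is an added example (my own code, not from the post or from CS:APP): it counts the bytes a line needs as a C string, checks that count against a buffer capacity, and gives a bounded replacement for gets() that never writes past the end of buf. The names bytes_needed, line_fits, read_line_bounded, string_source and demo_constructed_input are assumptions chosen for this example, and the two-line input it reads from is constructed. Two things it makes visible. First, "0123" already needs 5 bytes (four characters plus the NUL terminator), so even the run that looked fine wrote one byte past buf[4]; that byte simply did not land on anything that gets checked. Second, the `*** stack smashing detected ***` line is printed by GCC's stack protector (enabled by default in Ubuntu's gcc): the check in echo's epilogue found the canary stored above buf overwritten by the longer input and called abort(), which is what produced the core dump.

```c
/* Added example (not from the original post or CS:APP): size arithmetic for
 * a fixed buffer and a bounded replacement for gets(). The names below are
 * assumptions chosen for this example. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define BUF_SIZE 4 /* same capacity as the post's char buf[4] */

/* Bytes a line occupies as a C string: its characters plus the NUL terminator. */
size_t bytes_needed(const char *line)
{
    return strlen(line) + 1;
}

/* 1 if the line fits in a buffer of cap bytes, 0 if storing it would overflow. */
int line_fits(const char *line, size_t cap)
{
    return bytes_needed(line) <= cap;
}

/* A character source abstracts getchar(), so the reader can be driven from a
 * constructed string here and from stdin in a real program. */
typedef int (*getc_fn)(void *ctx);

struct string_source {
    const char *s; /* remaining, NUL-terminated input */
};

static int string_getc(void *ctx)
{
    struct string_source *src = ctx;
    return *src->s ? (unsigned char)*src->s++ : EOF;
}

static int stdin_getc(void *ctx)
{
    (void)ctx;
    return getchar();
}

/* Bounded reader: never writes more than cap bytes into dest and always
 * NUL-terminates it (cap > 0). Returns 1 if the whole line fit, 0 if it was
 * truncated (the rest of that line is discarded so the next call starts on
 * the next line), -1 if EOF arrived before any character. */
int read_line_bounded(getc_fn next, void *ctx, char *dest, size_t cap)
{
    if (cap == 0)
        return -1;
    int c = next(ctx);
    if (c == EOF) {
        dest[0] = '\0';
        return -1;
    }
    size_t i = 0;
    while (c != EOF && c != '\n') {
        if (i + 1 >= cap) { /* only the NUL slot is left: stop and drain the line */
            dest[i] = '\0';
            while (c != EOF && c != '\n')
                c = next(ctx);
            return 0;
        }
        dest[i++] = (char)c;
        c = next(ctx);
    }
    dest[i] = '\0';
    return 1;
}

/* Runs the reader over a constructed two-line input ("01234" then "next")
 * and returns 1 if every result matches the documented contract. */
int demo_constructed_input(void)
{
    struct string_source src = { "01234\nnext\n" }; /* constructed sample input */
    char small[BUF_SIZE], large[8];
    int ok = 1;
    /* "01234" needs 6 bytes: truncated to "012", rest of the line dropped */
    ok &= read_line_bounded(string_getc, &src, small, sizeof small) == 0 && strcmp(small, "012") == 0;
    /* "next" needs 5 bytes and fits in 8 */
    ok &= read_line_bounded(string_getc, &src, large, sizeof large) == 1 && strcmp(large, "next") == 0;
    /* nothing left in the source */
    ok &= read_line_bounded(string_getc, &src, large, sizeof large) == -1;
    return ok;
}

/* Stand-alone use: a safe counterpart of the post's echo(). */
int main(void)
{
    char buf[BUF_SIZE];
    printf("Type a string:");
    int r = read_line_bounded(stdin_getc, NULL, buf, sizeof buf);
    if (r == 0)
        printf("(input truncated to %zu characters)\n", sizeof buf - 1);
    if (r >= 0)
        puts(buf);
    return 0;
}
```

Compiled and run like bufdemo, typing 01234 now prints a truncation note followed by 012 instead of aborting. In a real program fgets(buf, sizeof buf, stdin) enforces the same bound; the loop above only spells out the drain-the-rest-of-the-line step that fgets leaves to the caller, which is what keeps a too-long line from spilling into the next read.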
(Tidied up by hand; not the raw output from the VM.)
lwh@lwh-virtual-machine:~$ gcc -S -o bufdemo.text bufdemo.c
gets:
    pushq   %rbp
    movq    %rsp, %rbp
    subq    $32, %rsp
    movq    %rdi, -24(%rbp)
    call    getchar@PLT
    movl