Full Version: Strange Behavior In C
brOmstar
Hi, I tried to write a simple PoC for the CCProxy 6.0 BOF.

I get strange behavior when I fill a buffer...

This is the C code (simplified):

CODE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>   /* needed for strlen() */

int main(int argc, char *argv[])
{
 char a[5];
 int i;

 /* fills all 5 bytes with 'A'; no byte is left for the '\0' terminator */
 for(i=0;i<5;i++){
  a[i] = 'A';
 }

 /* %s and strlen() keep reading past a[4] until they hit a zero byte */
 printf("That's the buffer(size):%s(%i)",a,(int)strlen(a));

 return 0;
}



I think it's very simple code... but the output is surprising:

C:\Dokumente und Einstellungen\frank-lokal\Desktop>code
That's the buffer(size):AAAAA~(6)
C:\Dokumente und Einstellungen\frank-lokal\Desktop>

6 chars? Where did the '~' come from?

I asked a friend because this is totally weird to me... he wrote the same code on OpenBSD with gcc, same problem. The buffer gets a char or some chars at the end without any code for that; sometimes the buffer was 10 chars bigger than declared.

Does somebody have an idea what is wrong with the code?
White Scorpion
Normally when you define a string you need to realize that the '\0' ending character will be added to the string, so your string should always be one character longer than the characters you fill it with.

This is how it should be:

CODE

#include <stdio.h>
#include <stdlib.h>
#include <string.h>   /* needed for strlen() */

int main(int argc, char *argv[])
{
char a[5];
 int i;

/* fill only 4 characters, leaving a[4] for the '\0' terminator;
   a[4] is never written here, so it holds whatever was on the stack */
for(i=0;i<4;i++)
{
       a[i] = 'A';
}

printf("That's the buffer(size):%s(%i)",a,(int)strlen(a));

return 0;
}


Hope this helps ;)
da_cash
The leprechaun is right, and defining a char table with length 5 like below

char a[5];

creates a table starting from 0 to 5, so 012345, and it's 6 chars ...
magicone
Don't forget the ending '0' character. The good code:

CODE

#include <stdio.h>
#include <stdlib.h>
#include <string.h>   /* needed for strlen() */

int main(int argc, char *argv[])
{
char a[5];
 int i;

/* only 4 characters, so one byte is left for the terminator */
for(i=0;i<4;i++)
{
       a[i] = 'A';
}
a[4]=0;   /* the terminating '\0' */

printf("That's the buffer(size):%s(%i)",a,(int)strlen(a));

return 0;
}
BlaStA
QUOTE(da_cash @ Nov 10 2004, 02:07 PM)
The leprechaun is right, and defining a char table with length 5 like below

char a[5];

creates a table starting from 0 to 5, so 012345, and it's 6 chars ...


No, you're wrong. "char a[5];" creates a char array with 5 fields, which means the indexes go from 0 to 4.
brOmstar
OK, thanks all ;)
White Scorpion
QUOTE(magicone @ Nov 10 2004, 07:56 AM)
Don't forget the ending '0' character. The good code:

CODE

#include <stdio.h>
#include <stdlib.h>
#include <string.h>   /* needed for strlen() */

int main(int argc, char *argv[])
{
char a[5];
 int i;

/* only 4 characters, so one byte is left for the terminator */
for(i=0;i<4;i++)
{
       a[i] = 'A';
}
a[4]=0;   /* the terminating '\0' */

printf("That's the buffer(size):%s(%i)",a,(int)strlen(a));

return 0;
}


Yes, that is correct, and you could include the final
CODE

a[4]=0;
or better yet
CODE

a[4]='\0';
but in this case that isn't really needed.
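As an added example (not code from anyone in this thread), the following program contrasts the original loop, which fills all five bytes and leaves no room for the terminator, with a fill routine that always reserves the last byte for '\0'. The helper names fill_terminated and is_terminated are made up for this example; is_terminated uses memchr so the check itself never reads past the array the way %s and strlen() do on an unterminated buffer.

```c
#include <stdio.h>
#include <string.h>

/* Fill buf with c but always reserve the last byte for the terminator.
   Returns the number of characters written (not counting the '\0'),
   or 0 when size is 0 and nothing can be written at all. */
size_t fill_terminated(char *buf, size_t size, char c)
{
    if (size == 0)
        return 0;
    size_t n = size - 1;      /* characters that fit beside the '\0' */
    memset(buf, c, n);
    buf[n] = '\0';
    return n;
}

/* Report whether a '\0' exists within the first size bytes of buf.
   Bounded by size, so it is safe to call on an unterminated array. */
int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

int main(void)
{
    /* the original post's buffer: 5 bytes, all 'A', no terminator */
    char a[5];
    memset(a, 'A', sizeof a);
    printf("a terminated: %d\n", is_terminated(a, sizeof a));
    /* printf("%s", a) or strlen(a) here would read past a[4]: undefined behaviour */

    /* one byte larger, filled by the helper: 5 'A's plus the '\0' */
    char b[6];
    fill_terminated(b, sizeof b, 'A');
    printf("b terminated: %d, \"%s\" (%u)\n",
           is_terminated(b, sizeof b), b, (unsigned)strlen(b));
    return 0;
}
```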