Stack smashing detected after calling msgrcv function - c

I have written two programs one to send message using msgsnd and other to receive with msgrcv. I have been using these functions for quite a while, but I can't figure out "stack smashing detected" error in receiving file. In that file I try to copy one part of file to one char array and second part into second array. I get stack smashing detected after receiving program completion if msgrcv is ever called in a file. At the end of a file I call printf function to print two arrays. From my point arr1 and arr2 should contain complete message, while only arr1 contains message and arr2 is empty. But the biggest problem is stack smashing detected error. I place code for two files below:
Sending file:
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <math.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <sys/types.h>
#include <unistd.h>
#include <sys/sem.h>
#include <sys/msg.h>
#include <stdint.h>
typedef struct message {
long type;
char text[128];
} message;
int main (int argc, char **argv) {
if (argc == 3 && strcmp (argv [1], "-m") == 0) {
key_t key = (key_t) atoi (argv[2]);
message msg;
int message_queue_id = msgget (key, IPC_CREAT | 0666);
int semaphore_set_id = semget (key, 1, IPC_CREAT | 0666);
struct semid_ds buf;
struct sembuf sb;
long long buf_address = (long long)&buf;
long long sb_address = (long long)&sb;
// sending message
msg.type = 6;
memset (msg.text, 0, 128);
printf ("%p %p\n", (void*)&buf, (void*)&sb);
sprintf (msg.text, "%lld %lld", buf_address, sb_address);
printf ("msg: %s\n", msg.text);
void* ptr = (void*)buf_address;
printf ("ptr = %p\n", ptr);
msgsnd(message_queue_id, (struct msgbuf*)&msg, sizeof (msg) - 4, 0);
sleep (1000);
}
}
Receiving file (without headers):
typedef struct message {
long type;
char text[128];
} message;
int main (int argc, char **argv) {
if (argc == 3 && strcmp (argv [1], "-m") == 0) {
key_t key = (key_t) atoi (argv[2]);
int message_queue_id = msgget (key, IPC_CREAT | 0666);;
int semaphore_set_id = semget (key, 1, IPC_CREAT | 0666);
message msg;
struct semid_ds buf;
struct sembuf sb;
msgrcv (message_queue_id, (struct msgbuf*)&msg, sizeof(msg) - 4, 6, IPC_NOWAIT);
printf ("msg = %s\n", msg.text);
char arr1[32] = "\0", arr2[32] = "\0";
int i = 0;
while (msg.text[i] != ' ') {
arr1[i] = msg.text[i];
i++;
}
i++;
while (msg.text[i]) {
arr2[i] = msg.text[i];
i++;
}
printf ("arr1 = %s, arr2 = %s\n", arr1, arr2);
printf ("sizeof(long) = %d\n", (int)sizeof(long));
}
}

msgrcv (message_queue_id, (struct msgbuf*)&msg, sizeof(msg) - 4, 6, IPC_NOWAIT);
The third parameter to msgrcv should be the size of the buffer stored in the message structure. When doing the calculation sizeof(msg) - 4, you seem to be assuming that the size of long is always 4, which is incorrect. Instead, you should simply use sizeof(msg.text).
You also have the same error in the sender. Because the size of long in 64-bit linux is 8 bytes and not 4, your code will write past the end of the msg variable, causing a buffer overflow.

Related

Is this how message queues are supposed to work?

I am trying to understand message queues. In the examples I saw, the msg strunct would have only one more attribute except of the first one (the type) which must be long. So, it would be something like struct msg{long mtype; char text[100]};.
I tried to add a new int attribute, x to see if I recieve both the text and the number and it worked.
Is this how message queues are supposed to work? Can I have as many attributes as I want in my struct?
And, also, is it ok to call the msgrcv and msgsnd functions with the length parameter set to sizeof(send) - sizeof(send.x) because I know that the sizeof a struct isn't always the same as the sum of the sizeof of each attribute?
Thank you.
int main(){
struct msg{
long mtype;
char text[100];
int x;
};
int key = ftok(".", 10);
int qid = msgget(key, 0666|IPC_CREAT);
int pid = fork();
if(pid == 0){
struct msg send;
send.mtype = 1;
strcpy(send.text, "hello");
send.x = 99;
if(msgsnd(qid, (void*)&send, sizeof(send) - sizeof(send.x), 0)<0){
printf("Error child: ");
}
}
else{
struct msg recieve;
if(msgrcv(qid, (void*)&recieve, sizeof(recieve) - sizeof(recieve.x), 1, 0)<0){
perror("Error parent: ");
};
printf("text: %s\nnumber: %d", recieve.text, recieve.x);
}
return 0;
}
From the man page, in:
int msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg);
msgp is defined as:
The msgp argument is a pointer to a caller-defined structure of the
following general form:
struct msgbuf {
long mtype; /* message type, must be > 0 */
char mtext[1]; /* message data */
};
Bold is mine
The major point here being the struct is caller-defined. So as long as the input struct (sent by msgsnd) and output struct (received by msgrcv) are the same, the data following mtype can be anything you want (as long as you specify the size correctly). For your case, you really only need:
msgsnd(qid, (void*)&send, sizeof(send) - sizeof(send.mtype), 0)
and
msgrcv(qid, (void*)&recieve, sizeof(recieve) - sizeof(send.mtype), 1, 0)
The char[] is just a placeholder, you can have whatever you want in the structure after the required long mtype field. The size on the msgsnd() call does NOT include mtype.
You almost had it correct.
Here is a working version:
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/msg.h>
int main(void){
struct msg {
long mtype;
char text[100];
int x;
};
size_t sz = sizeof(struct msg) - sizeof(long); <=== /* SIZE */
int key = ftok(".", 10);
int qid = msgget(key, 0666|IPC_CREAT);
int pid = fork();
if (pid == 0){
struct msg send;
send.mtype = 1;
strcpy(send.text, "hello");
send.x = 99;
if (msgsnd(qid, (void*)&send, sz, 0)<0){
perror("Error child: ");
}
} else {
struct msg recieve;
if(msgrcv(qid, (void*)&recieve, sz, 1, 0)<0){
perror("Error parent: ");
};
printf("text: %s\nnumber: %d\n", recieve.text, recieve.x);
}
return 0;
}
int msgsnd(int msqid, const void *msgp, size_t msgsz, int msgflg);
Since the msgp parameter is declared as const void*, you can use whatever data type you want. There is nothing that says it has to be a struct with just a long and a char[]. This means you can just do sizeof(send). You do not need to adjust for the extra struct member that you are sending. In fact, doing so will cause problems because the entire struct will not be handled. The only thing that matters is that msgrcv() uses the same struct as the previous msgsnd(). See this example.

System V Message Queues - getting message that already exists

I've been working on a project and one of the tasks that I have to do is passing the string received from another process through a pipe to yet another process but this time I have to use a message queue.
I've managed to learn how msgqueue works and made a simple working program but, the thing is, it works when receiving a string from stdin through fgets.
My question is:
Can I pass a string that is already saved in other variable (for example
char s[20] = "message test"; ) to the msgqueues mtext?
My simple program looks like that:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/msg.h>
#include <errno.h>
struct msgbuf {
long mtype;
char string[20];
};
struct msgbuf mbuf;
int open_queue( key_t keyval ) {
int qid;
if((qid = msgget( keyval, IPC_CREAT | 0660 )) == -1)
return(-1);
return(qid);
}
int send_message( int qid){
int result, size;
size = sizeof mbuf.string;
if((result = msgsnd( qid, &mbuf, size, 0)) == -1)
return(-1);
return(result);
}
int remove_queue( int qid ){
if( msgctl( qid, IPC_RMID, 0) == -1)
return(-1);
return(0);
}
int read_message( int qid, long type){
int result, size;
size = sizeof mbuf.string;
if((result = msgrcv( qid, &mbuf, size, type, 0)) == -1)
return(-1);
return(result);
}
int main(void){
int qid;
key_t msgkey;
msgkey = ftok(".", 'm');
if(( qid = open_queue( msgkey)) == -1) {
perror("openErr");
exit(1);
}
mbuf.mtype = 1;
fgets(mbuf.string, sizeof mbuf.string, stdin);
if((send_message( qid)) == -1) {
perror("sendErr");
exit(1);
}
mbuf.mtype = 1;
if((read_message(qid, mbuf.mtype))== -1){
perror("recERR");
exit(1);
}
printf("Queue: %s\n", mbuf.string);
remove_queue(qid);
return 0;
}
Your code uses fgets() to fill the buffer mbuf.string with input read from stdin. You can instead use something like strcpy(mbuf.string, "message test") where you can pass in a variable or use a hard coded string.
I recommend using the POSIX message queue API as the System V API is deprecated.

Ubuntu Semaphore: Segmentation fault (core dumped)

I am learning semaphores in C using Ubuntu right now. The professor just throw us this code and ask us to study it and observe. When I compiled I get a warning that ctime(&sem_buf.sem_ctime) returns an int, not a char * but nothing major. When I run it the output is just: Semaphore identifier: 0 Segmentation fault (core dumped). I am very confused as of what went wrong and I have no idea what is going on in this code. Some help would be very much appreciated.
Here is the code:
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/sem.h>
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <semaphore.h>
# define NS 3
union semun {
int val;
struct semid_ds *buf;
ushort *array; // Unsigned short integer.
};
int main(void)
{
int sem_id, sem_value, i;
key_t ipc_key;
struct semid_ds sem_buf;
static ushort sem_array[NS] = {3, 1, 4};
union semun arg;
ipc_key = ftok(".", 'S'); // Creating the key.
/* Create semaphore */
if ((sem_id = semget(ipc_key, NS, IPC_CREAT | 0666)) == -1) {
perror ("semget: IPC | 0666");
exit(1);
}
printf ("Semaphore identifier %d\n", sem_id);
/* Set arg (the union) to the address of the storage location for */
/* returned semid_ds value */
arg.buf = &sem_buf;
if (semctl(sem_id, 0, IPC_STAT, arg) == -1) {
perror ("semctl: IPC_STAT");
exit(2);
}
printf ("Create %s", ctime(&sem_buf.sem_ctime));
/* Set arg (the union) to the address of the initializing vector */
arg.array = sem_array;
if (semctl(sem_id, 0, SETALL, arg) == -1) {
perror("semctl: SETALL");
exit(3);
}
for (i=0; i<NS; ++i) {
if ((sem_value = semctl(sem_id, i, GETVAL, 0)) == -1) {
perror("semctl : GETVAL");
exit(4);
}
printf ("Semaphore %d has value of %d\n",i, sem_value);
}
/*remove semaphore */
if (semctl(sem_id, 0, IPC_RMID, 0) == -1) {
perror ("semctl: IPC_RMID");
exit(5);
}
}
You need to include time.h to the compiler recognize ctime function. The warning is because the compiler don't know ctime is a function and that returns an char*. By default GCC assumes the unknown function returns an int.

Why I dont see a msg from message queue?

I would like to understand how message queues in Unix work. I wrote a simple code which sends a short message to queue and then I can read that message. But my code shows :
And I dont know why - and I cant see a message I send to queue. Heres my code:
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/msg.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <fcntl.h>
struct mymsgbuf {
long mtype;
char mtext[1024];
}msg;
int send_message(int qid, struct mymsgbuf *buffer )
{
int result = -1, length = 0;
length = sizeof(struct mymsgbuf) - sizeof(long);
if((result = msgsnd(qid, buffer, length, 0)) == -1)
return -1;
return result;
}
int read_message(int qid, long type, struct mymsgbuf *buffer)
{
int result, length;
length = sizeof(struct mymsgbuf) - sizeof(long);
if((result = msgrcv(qid, buffer, length, type, 0)) == -1)
return -1;
printf("Type: %ld Text: %s\n", buffer->mtype, buffer->mtext);
return result;
}
int main(int argc, char **argv)
{
int buffsize = 1024;
int qid = msgget(ftok(".", 0), IPC_CREAT | O_EXCL);
if (qid == -1)
{
perror("msgget");
exit(1);
}
msg.mtype = 1;
strcpy(msg.mtext, "my simple msg");
if((send_message(qid, &msg)) == -1)
{
perror("msgsnd");
exit(1);
}
if((read_message(qid, 1, &msg) == -1))
{
perror("msgrcv");
exit(1);
}
return 0;
}
When I changed a line with msgget for this line:
int qid = msgget(ftok(".", 0), IPC_CREAT | O_EXCL | 0600);
it shows:
From the documentation for msgget:
The low-order 9 bits of msg_perm.mode shall be set equal to the low-order 9 bits of msgflg.
You need to add some permissions to your queue, at least read and write. Do something like:
int qid = msgget(ftok(".", 0), IPC_CREAT | O_EXCL | 0600);

Convert Linux C Char Array to Int

need some advice on this one as im struggling abit and cannot figure it out.
i have a file that gets updated on a PC to indicate a system ran and what time it ran. i am writing a very simple linux console app (will eventually be a nagios plugin). that reads this file and responds depending on what it found within the file.
i am a total newbie to programming on Linux and using C so please be patient and if you would explain any answers it would really be appreciated.
basically i want to convert a char array containing 5 characters into an integer, however the 5th char in the array is always a letter. so technically all i want to-do is convert the first 4 chars in the array to a integer... how?? ive tried multiple ways with no success, my problem is that presently i do not have a good grasp of the language so have no real ideas on what it can and cannot do.
here is the source to my program.
basically the buf array will be holding a string taken from the file that will look something like this
3455Y (the number will be random but always 4 chars long).
Sorry for the poor formatting of the code, but i cannot get this stupid window for love nor money to format it correctly....
include <fcntl.h>
include <unistd.h>
include <stdio.h>
include <stdlib.h>
include <time.h>
include <string.h>
define COPYMODE 0644
int main(int argc, char *argv[])
{
int i, nRead, fd;
int source;
int STATE_OK = 0;
int STATE_WARNING = 1;
int STATE_CRITICAL = 2;
int STATE_UNKNOWN = 3;
int system_paused = 0;
char buf[5];
int testnumber;
if((fd = open(argv[1], O_RDONLY)) == -1)
{
printf("failed open : %s", argv[1]);
return STATE_UNKNOWN;
}
else
{
nRead = read(fd, buf, 5);
}
close(source);
if (buf[4] == 'P')
{
printf("Software Paused");
return STATE_WARNING;
}
else
{
return STATE_OK;
}
time_t ltime; /* calendar time */
struct tm *Tm;
ltime=time(NULL); /* get current cal time */
Tm=localtime(&ltime);
int test;
test = Tm->tm_hour + Tm->tm_min;
printf("%d", test);
printf("%d", strtoi(buf));
}
You can use sscanf to do the job:
int num = 0;
sscanf(buf, "%4d", &num);
Then num should hold the number from the line in the file.
You can use atoi
atoi requires one char * argument and returns an int.
If the string is empty, or first character isn't a number or a minus sign, then atoi returns 0.If atoi encounters a non-number character, it returns the number formed up until that point
int num = atoi(buf);
if you want to convert the first four characters of a string to an integer do this:
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <stdint.h>
uint8_t convertFirstFourChars(char * str, uint32_t *value){
char tmp[5] = {0};
strncpy((char *) tmp, str, 4);
*value = strtoul(tmp);
return errno;
}
then call / test this function like this
#include <stdint.h>
#include <stdio.h>
int main(int argc, char **argv){
char test1[5] = "1234A";
char test2[5] = "ABCDE";
uint32_t val = 0;
if(convertFirstFourChars((char *) test1, &val) == 0){
printf("conversion of %s succeeded, value = %ld\n", test1, val);
}
else{
printf("conversion of %s failed!\n", test1);
}
if(convertFirstFourChars((char *) test2, &val) == 0){
printf("conversion succeeded of %s, value = %ld\n", test2, val);
}
else{
printf("conversion of %s failed!\n", test2);
}
return 0;
}
FWIW, don't use atoi(...) because it converts any string to an integer regardless of its validity as a number. atoi("foo") === 0.
this is as much of your code as I was able to recover from the formatting:
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <time.h>
#define COPYMODE 0644
int main(int argc, char *argv[])
{
int i, nRead, fd;
int source;
int STATE_OK = 0;
int STATE_WARNING = 1;
int STATE_CRITICAL = 2;
int STATE_UNKNOWN = 3;
int system_paused = 0;
char buf[5];
int testnumber;
if((fd = open(argv[1], O_RDONLY)) == -1)
{
printf("failed open : %s", argv[1]);
return STATE_UNKNOWN;
}
else
{
nRead = read(fd, buf, 5);
}
close(source);
if (buf[4] == 'P')
{
printf("Software Paused");
return STATE_WARNING;
} else {
return STATE_OK;
}
time_t ltime; /* calendar time /
struct tm Tm;
ltime=time(NULL); / get current cal time */
Tm=localtime(&ltime);
int test;
test = Tm->tm_hour + Tm->tm_min;
printf("%d", test);
printf("%d", strtoi(buf));
}
this is the version that does what you specified:
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <time.h>
#define COPYMODE 0644
int main(int argc, char *argv[])
{
int i, nRead, fd;
int source;
int STATE_OK = 0;
int STATE_WARNING = 1;
int STATE_CRITICAL = 2;
int STATE_UNKNOWN = 3;
int system_paused = 0;
char buf[5];
int testnumber;
if((fd = open(argv[1], O_RDONLY)) == -1)
{
printf("failed open : %s", argv[1]);
return STATE_UNKNOWN;
}
else
{
nRead = read(fd, buf, 5);
}
close(source);
if (buf[4] == 'P')
{
printf("Software Paused");
return STATE_WARNING;
}/* else {
return STATE_OK;
buf[4] = 0;
} */
time_t ltime; /* calendar time */
struct tm *Tm;
ltime=time(NULL); /* get current cal time */
Tm=localtime(&ltime);
int test;
test = Tm->tm_hour + Tm->tm_min;
printf("%d\n", test);
printf("%d\n", atoi(buf));
}
The biggest problem with your code was the if statement with the returns in each branch, insuring that nothing after the if statement was ever executed.

Resources