It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
How does GCC ensure that The Stack doesn't overflow?
Shouldn't it check the Size is less than the MAX it can retain and prompt user accordingly,esp when it is implicitly defined?WIll this not be a great programming paradigm?
It doesn't. If you recurse deep enough, you will overflow, and there's nothing the compiler can do about it.
edit: I should point out that at the time I answered this question, the question simply read:
"How does GCC ensure that The Stack doesn't overflow?"
Linux uses a "guard area". It puts one or more access-protect pages at the end of the stack for each thread.
If the program accesses the guard area, the OS handles the fault. If the thread is already using its max permitted stack then it terminates something (the thread or the whole process, I don't remember which). Otherwise it tries to map memory to the addresses occupied by the guard area for use as stack, and protects a new area beyond the end of the newly-enlarged stack.
Prompting the user isn't really suitable for an OS like Linux, in which many processes are not monitored by a user, and for that matter there may not be any logged-in user at the time the problem arises. So your process just fails. Since it's an all-purpose compiler, gcc doesn't attempt runtime user interaction either.
Other OSes and platforms may or may not have stack guard pages (Windows does). About all gcc really needs to do is to ensure that if the stack is going to be exceeded, it doesn't "miss" the guard page by jumping a long way forward.
Related
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
AFAIK, a buffer overflow is achieved by overwriting memory adjacent to a C variable's buffer. This overwriting is used to spawn a shell which executes commands.
But what if the user that is running the program vulnerable to a buffer overflow has the shell disabled ?
/etc/passwd:
user1:x:1000:1000:user1,,,,:/home/user1:/bin/false
sudo -u user1 /usr/bin/programname
"Shell disabled" only matters if you're actually logging in. If you're exploiting an already running program then you don't need to log in.
Exploits do not use a shell which is configured for a user — they normally include a binary code, shellcode, which are functionally equivalent to a primitive shell, meaning that it will start any chosen executable — for example a real shell program. Exploited program is then tricked to execute this code.
There are many different shellcodes available on the net, for example which do not include a byte '\0', so they will be passed unharmed as a C string, or which only include printable characters, valid unicode strings etc.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
I am using POSIX threads, and at the end of my program, I am waiting to join each of the threads. After some time of running perfectly well, my code started returning a weird bug when I was waiting for the threads.
pthreads threads[C+P];
for(i = 0; i < (C+P); i++)
{
printf("%d\n", i);
pthread_join(threads[i]);
}
If I remove the printf statement, or replace it with any other printf statement, a delay, or any other operation on i, I still get a segfault.
How would I start debugging this?
Inserting printf() call affects memory layout (and thus it can, by pure accident, mask some memory corruption), as well as execution timing (you use threads, so timing is also relevant).
But instead of any sort of guesswork, you should do some regular debugging:
run you executable under gdb, this way you should be able to see what exact operation is causing a crash, where is it called from, etc.
run it under valgrind - this tool detects a lot of common errors, like accessing free'd memory block, using uninitialized variables, exceeding array/buffer boundaries, etc. It's not uncommon to immediately get exact position of the error with valgrind, I highly recommend it!
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
I was solving a practice problem on a site which states that
The purpose of this problem is to verify whether the method you are
using to read input data is sufficiently fast to handle problems
branded with the enormous Input/Output warning. You are expected to be
able to process at least 2.5MB of input data per second at runtime.
Also how do I optimize input/output routines other than printf and scanf?
It is operating system specific (because the C standard only knows about <stdio.h>). With Linux consider using low-level syscalls for efficiency, like open(2), mmap(2), read(2), pread(2), write(2). You might also want to use readahead(2). Don't forget to make I/O in rather large blocks (e.g. 128Kbytes), page aligned if possible. Read the Advanced Linux Programming book.
If restricted to standard C99 functions, use fread(3) on rather big chunks. Consider also increasing the internal buffer with setvbuf(3)
And 2.5Mbyte/sec is not very impressive. Probably, the bottleneck is the hardware, but you should be able to get perhaps 20 or 50Mbytes/sec on a standard desktop hardware. Using SSD would help a big lot.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
I'm using the PellesC C compiler. Sometimes my code randomly stops working. A particular statement can trigger it. For example, I multiplied a variable by sin(c) (c is a double) and my code seemed to just finish execution with no result. Sometimes it freezes, sometimes it appears to just return, but I can always fix it by removing the offending statement or disabling compiler optimizations, specifically "maximize speed" or "maximize speed more". The freezing will also go away nearly 100% of the time if I add a printf statement somewhere near the point at which it crashes. I've never found anything to suggest that I am accessing memory improperly, I'm fairly sure its a compiler issue. I was wondering if anybody could shed some light on this. Is it possible that I am, in fact, doing something wrong? Or is this a known issue with the Pelles C compiler?
Edit:
Changing
canvas->pixels[(y*canvas->pitch)+(x*canvas->Bpp)+2]=(unsigned char)(255.0*dtempA*(1-sin(c)));
canvas->pixels[(y*canvas->pitch)+(x*canvas->Bpp)+1]=(unsigned char)(255.0*dtempA*(1+cos(c)));
canvas->pixels[(y*canvas->pitch)+(x*canvas->Bpp)]=(unsigned char)(255.0*dtempA*(1+sin(c)));
to (difference at the end of the last line)
canvas->pixels[(y*canvas->pitch)+(x*canvas->Bpp)+2]=(unsigned char)(255.0*dtempA*(1-sin(c)));
canvas->pixels[(y*canvas->pitch)+(x*canvas->Bpp)+1]=(unsigned char)(255.0*dtempA*(1+cos(c)));
canvas->pixels[(y*canvas->pitch)+(x*canvas->Bpp)]=(unsigned char)(255.0*dtempA*(1+1));
makes it work.
It could be either but a good bet is that it's you :) Variables that are not explicitly initialized will often get different values in a optimized vs an un-optimized build because the stack layout can change subtly depending on how aggressively the compiler removes temporaries, as well as other factors.
You're probably accidentally using undefined behavior somewhere, and changing random instructions in the program is breaking the very fragile alignment of the code on the stack that happens to make the program work.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
A challenge for all the C experts out there:
On a linux machine, you have an already compiled C program, and you are given its source code:
...
char buffer[20];
int code;
gets(buffer);
if(code==1234) ...
...
...
if(0) func();
You don't posses root privileges and the program is read-only. Find a way to execute func. I am certain this is possible, so please don't post any "It isn't possible" answers.
Good luck!
The answer lies in the unchecked buffer overflow that is waiting to happen with gets(buffer); and an understanding of what the stack looks like.
You could try setting the return address to the func() call by overflowing buffer.
http://en.wikipedia.org/wiki/Stack_buffer_overflow#Exploiting_stack_buffer_overflows
It may or may not be possible. If there are no other references to func(), the compiler may well have decided not to generate code for it in the first place -- dead code can be optimized away entirely.
This question is pretty underspecified, anyway. What do you mean by "the program is read-only"? The source code, or the executable? Are we attacking it from inside the process at runtime, inside the process by changing the source code, outside the process by trying to invoke it in funny ways, ...?
If the compiler generated code for the function (i.e. it didn't get chopped by the dead code optimizer) and you have a debugger and debug symbols, just attach a debugger and tell it to find and invoke func().
If you want to exploit the code at runtime, you can cause a buffer overflow in gets(), and take control of the process from inside, but you still have to find func() so you can jump to it -- having the source code won't help you here, and nothing will help you here if the compiler didn't generate code for it.
Since we have the source code, I would make the following edit and recompile:
-if(0) func();
+func();
Serious answer, there are thousands of ways of doing it (hacked environments, buffer overflows, etc), but the common pitfall is that a good compiler should optimize if (0) {} away. If that is the case there would be no way of executing func(). If not, then I would just start up my trusty debugger and jumping to the right spot.
Obviously, execute the famous set 0=1 command before running your executable.
But seriously, this is way off-topic...