Re: [Tinycc-devel] issue found in "tcc 0.9.24"
From: Filip Navara
Subject: Re: [Tinycc-devel] issue found in "tcc 0.9.24"
Date: Thu, 29 May 2008 12:14:51 +0200
It's actually a bug in your program. The scanf reads two characters and
then terminates it with '\0' which overrides the next variable on the
stack which happens to be "i". Classical example of buffer overflow :)
F.
On Thu, May 29, 2008 at 12:09 PM, G. Belllini <address@hidden> wrote:
>
>
> Hi guys,
>
> I fell into a problem in using "tcc 0.9.24" if you are interested.
>
> Here is a code showing the error :
> You should notice that variable "i" is not incremented. It looks like
> variable "i" is reset
> just after the "scanf" instruction.
>
> #include <stdio.h>
>
> main ()
> {
>     char i; // used as number that we want on 1 byte only
>     char tmp_str[2]; // this is a string
>
>     i = 0;
>
>     do
>     {
>
>         printf ("\n");
>         printf ("Type 2 characters : ");
>         scanf ("%s", &tmp_str);
>
>         printf("\n");
>         printf("You typed %s\n", tmp_str);
>
>         i++;
>         printf("DEBUG : i = %d\n", i);
>
>     } while (i < 5);
>
> }
>
>
> Ok, now a workaround is to declare variable "tmp_str" as first. Like this :
>
> #include <stdio.h>
>
> main ()
> {
>     char tmp_str[2]; // this is a string
>     char i; // used as number that we want on 1 byte only
>
>     i = 0;
>
>     do
>     {
>
>         printf ("\n");
>         printf ("Type 2 characters : ");
>         scanf ("%s", &tmp_str);
>
>         printf("\n");
>         printf("You typed %s\n", tmp_str);
>
>         i++;
>         printf("DEBUG : i = %d\n", i);
>
>     } while (i < 5);
>
> }
>
>
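The overwrite described in the reply, as an added example that is not part of the original thread: it replays the posted loop on a model of the two locals and then runs a bounded version of the read. The `struct frame` layout (buffer directly followed by `i`) is an assumption standing in for the stack order the reply describes, the function names are hypothetical, and `sscanf` on constructed input replaces the interactive `scanf`.

```c
#include <stdio.h>
#include <string.h>

/* Assumed layout: the 2-byte buffer sits directly before the counter. */
struct frame {
    char tmp_str[2];
    char i;
};

/* Replays the posted loop on the model; returns iterations run, capped. */
static int original_loop_iterations(const char *token, int cap)
{
    struct frame f;
    size_t n = strlen(token) + 1;   /* characters plus '\0', as "%s" stores */
    int runs = 0;

    if (n > sizeof f) n = sizeof f; /* keep the model itself in bounds */
    memset(&f, 0, sizeof f);        /* i = 0 */
    do {
        memcpy(&f, token, n);       /* stands in for scanf("%s", tmp_str) */
        f.i++;
        runs++;
    } while (f.i < 5 && runs < cap);
    return runs;
}

/* Bounded read: 3-byte buffer and a field width, so at most 2 characters
   plus the terminator are stored. Returns iterations run. */
static int bounded_loop_iterations(const char *input, char last[3])
{
    char i = 0;
    int runs = 0;

    do {
        if (sscanf(input, "%2s", last) != 1)
            break;                  /* no token available */
        i++;
        runs++;
    } while (i < 5);
    return runs;
}

int main(void)
{
    char last[3] = "";
    printf("2 chars, posted layout: %d runs (cap 100)\n", original_loop_iterations("ab", 100));
    printf("1 char, posted layout: %d runs\n", original_loop_iterations("a", 100));
    printf("bounded read: %d runs\n", bounded_loop_iterations("abcdef", last));
    return 0;
}
```

With a two-character token the terminator lands on `i` every pass, so the modelled loop only stops at the cap; a one-character token fits and the loop ends after five passes.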