stack overflow failure

k0der's Avatar
Go4Expert Member
hello,
i want to intentionally bypass the statement
x=1;
in the below program.but was unable to do.
i am using gcc and gdb on fedora 8 linux on AMD64 machine.
what i am getting is just segmentation fault.
please put some points how to do that.
thanks.



Code:
/*.................         This program writes bypass a particular statement by process stack  overflow and return to the statement pass x=1 tp printf.... */


// Status: still does not work

#include<stdio.h>
function(int a, int b, int c) 
{
   char buffer1[5];
   char buffer2[10];
   int *ret;

   ret = buffer1 + 12;   // reaching at the ret statement; i.e. return address i.e. saved IP value before coming to function()
   (*ret) += 12;   //overwriting the IP value to past x=1;to know disassemble the main in gdb and count hw much to add hr(12)
}

int main()
 {
  int x;

  x = 0;
  function(1,2,3);
  x = 1;            //this statement is to be skipped by overflow
  printf("%d\n",x);
}

Last edited by shabbir; 1Jun2009 at 22:06.. Reason: Code blocks
xpi0t0s's Avatar, Join Date: Aug 2004
Mentor
This won't work if your calling convention is cdecl because the caller cleans up the stack, so by skipping the x=1 statement you also skip the stack cleanup code and thus leak stack memory (stack memory, which is more severe than heap memory cos there's usually a lot less).
This shouldn't cause a crash though, so what you'll need to do is to step through the code at the assembler level to find out where it's going wrong. Probably your calculations are off by a few.

A better solution is to return a value and let the caller decide what to do, e.g.
Code:
if (function(1,2,3))
  x=1;
so x=1 is skipped if function() returns zero.
k0der's Avatar
Go4Expert Member
i can skip the statement x=1,but i wanted to do it through stack overflow.I am using linux machine with AMD64 processor..i going through all the gibberish in assembly level.i am using gcc and gdb.i am off but how much i am not able to determine.
thanks for help anyways.