Re: double the buffer? - buffer overflows

From: RainbowHat (nHiATlE@blSackholeP.mAit.edMu.invalid)
Date: 06/22/02


From: RainbowHat <nHiATlE@blSackholeP.mAit.edMu.invalid>
Date: Sat, 22 Jun 2002 13:44:44 +0000 (UTC)


< Andrew S.
>On Fri, 21 Jun 2002 15:37:56 -0600, Rex Dieter wrote:
>> Andrew S. wrote:

>>> Well, following this advice I have upgraded gcc to 3.1, and lo and
>>> behold, nothing! I still get the compiler giving the size of 40 bytes
>>> instead of 20, my question stands: Is this standard on most linux
>>> computers or not?
>>
>> Padding data structures for byte/word alignment is a common compiler
>> optimization.

How about the result of 'example2.c'?

---[ example2.c ]---
#include <stdio.h>
void function(int a, int b, int c) {
        struct cbufs {
                char buffer1[5];
                char buffer2[10];
        };
        union {
                struct cbufs cb;
                unsigned long ul[4];
        } un;
        int i;
        /* sizeof yields a size_t, so the matching conversion is %zu, not %d. */
        printf("sizeof char = %zu\n", sizeof(char));
        printf("sizeof ulong = %zu\n", sizeof(unsigned long));
        printf("sizeof cbufs = %zu\n", sizeof(struct cbufs));
        printf("sizeof un.cb = %zu\n", sizeof(un.cb));
        printf("sizeof un.ul = %zu\n", sizeof(un.ul));
        printf("sizeof un = %zu\n", sizeof(un));
        for(i=0; i<10; i++) {
                if(i<5) {
                        un.cb.buffer1[i] = un.cb.buffer2[i] = i+1;
                } else {
                        un.cb.buffer2[i] = i+1;
                }
        }
        for(i=0; i<4; i++) {
                /* un.ul[i] is already unsigned long, which is what %lu expects. */
                printf("%d: %10lu\n", i, un.ul[i]);
        }
}
int main() {
        function(1, 2, 3);
        return 0;
}

$ gcc -S -o example2.s example2.c
$ grep '\.align' example2.s
        .align 4
        .align 4
$ gcc -o example2 example2.c
$ ./example2
sizeof char = 1
sizeof ulong = 4
sizeof cbufs = 15
sizeof un.cb = 15
sizeof un.ul = 16
sizeof un = 16
0: 67305985
1: 50462981
2: 117835012
3: 3205105928

-- 
Regards, RainbowHat. To spoof or not to spoof, that is the IPv4 packet.
----+----1----+----2----+----3----+----4----+----5----+----6----+----7
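
Decoding the four values printed above, as an added example that is not part of the original post: it unpacks them as little-endian 32-bit words (an assumption that matches the x86 machine implied by "sizeof ulong = 4") and compares the bytes with the struct contents. The names posted, unpack_le, fill, matching_bytes and tail_byte are made up for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct cbufs { char buffer1[5]; char buffer2[10]; };   /* as in example2.c */

/* The four values printed by ./example2 in the post (32-bit unsigned long). */
static const uint32_t posted[4] = { 67305985u, 50462981u, 117835012u, 3205105928u };

/* Unpack the posted words into bytes, least significant byte first (assumed x86). */
static void unpack_le(unsigned char out[16]) {
    for (int w = 0; w < 4; w++)
        for (int b = 0; b < 4; b++)
            out[4 * w + b] = (unsigned char)(posted[w] >> (8 * b));
}

/* Fill the struct with the same values the loop in example2.c writes. */
static void fill(struct cbufs *cb) {
    for (int i = 0; i < 10; i++) {
        if (i < 5) cb->buffer1[i] = (char)(i + 1);
        cb->buffer2[i] = (char)(i + 1);
    }
}

/* Returns how many leading bytes of the dump equal the struct's bytes. */
size_t matching_bytes(void) {
    unsigned char dump[16];
    struct cbufs cb;
    size_t n = 0;
    unpack_le(dump);
    fill(&cb);
    while (n < sizeof cb && dump[n] == ((unsigned char *)&cb)[n]) n++;
    return n;
}

/* Returns the dump byte that lies past the struct, inside un.ul[3] only. */
unsigned char tail_byte(void) {
    unsigned char dump[16];
    unpack_le(dump);
    return dump[sizeof(struct cbufs)];
}

int main(void) {
    printf("sizeof cbufs = %zu, offsetof buffer2 = %zu\n",
           sizeof(struct cbufs), offsetof(struct cbufs, buffer2));
    printf("bytes matching struct: %zu of 16\n", matching_bytes());
    printf("byte 15 (never written) = 0x%02X\n", tail_byte());
    return 0;
}
```

The 15 struct bytes sit back to back with no padding between buffer1 and buffer2, so sizeof reports 15 and the union is 16 only because of its unsigned long member. Byte 15 belongs to un.ul[3] alone and is never written by example2.c, so the value in the posted output is leftover stack content.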


