Linux c bronk.c

最新推荐文章于 2014-01-14 17:17:06 发布

ralbatr

最新推荐文章于 2014-01-14 17:17:06 发布

阅读量830

点赞数

分类专栏： Linux 编程

本文链接：https://blog.csdn.net/ralbatr/article/details/8315660

版权

Linux 同时被 2 个专栏收录

46 篇文章 0 订阅

订阅专栏

编程

33 篇文章 0 订阅

订阅专栏

/* brenken.c */


#include <stdlib.h>
#include <stdio.h>
#include <string.h>


char global[5];


int brenken(void)
{
	char * dyn;
	char local[5];


	/*First ,overwrinte a buffer just a little bit*/
	dyn = malloc(5);
	strcpy(dyn,"12345");
	printf("1: %s\n",dyn );
	free(dyn);


	/*Now overwrite the buffer a lot*/
	dyn = malloc(5);
	strcpy(dyn,"12345678");
	printf("2: %s\n",dyn);


	/*Wall past the beginning of a malloced local buffer */
	*(dyn - 1) = '\0';
	printf("3: %s\n",dyn );
	/*note we didn't free the pointer !*/


	/*Now go after a local variable */
	strcpy(local,"12345");
	printf("4: %s\n",local );
	local[-1] = '\0';
	printf("5: %s\n",local );


	/*Finally , attack global date space */
	strcpy(global,"12345");
	printf("6: %s\n", global);


	/*And write over the space before the global buffer */
	global[-1] = '\0';
	printf("7: %s\n",global );


	return 0;
}
int main(void)
{
	return brenken();
}