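--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,55 @@
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+int foo (char * str )
+{
+char buffer [100 ];
+unsigned int * framep ;
+
+// Copy ebp into framep
+asm("movl %%ebp, %0" : "=r" (framep ));
+
+/* print out information for experiment purpose */
+printf ("Address of buffer[]: 0x%.8x\n" , (unsigned )buffer );
+printf ("Frame Pointer value: 0x%.8x\n" , (unsigned )framep );
+
+/* The following statement has a buffer overflow problem */
+strcpy (buffer , str );
+
+return 1 ;
+}
+
+// For the purpose of experiment
+void bar ()
+{
+static int i = 0 ;
+printf ("The function bar() is invoked %d times!\n" , ++ i );
+}
+
+
+// For the purpose of experiment
+void baz (int x )
+{
+printf ("The value of baz()'s argument: 0x%.8X\n" , x );
+}
+
+int main (int argc , char * * argv )
+{
+char str [2000 ];
+FILE * badfile ;
+
+char * shell = (char * )getenv ("MYSHELL" );
+if (shell ){
+printf ("The '%s' string's address: 0x%.8x\n" , shell ,
+(unsigned int )shell );
+}
+
+badfile = fopen ("badfile" , "r" );
+fread (str , sizeof (char ), 2000 , badfile );
+foo (str );
+
+printf ("Returned Properly\n" );
+return 1 ;
+}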
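Review bot: `badfile = fopen ("badfile" , "r" );` in main is never checked, so a missing or unreadable file makes the following `fread` dereference a NULL `FILE *`, and the byte count `fread` returns is discarded, so `str` is not guaranteed to hold a terminator before `foo` copies it with `strcpy`; that is an over-read of `str` on top of the overflow of `buffer` that the comment in `foo` deliberately keeps for the experiment. A minimal guard that leaves the experiment intact is `if (!badfile) { perror("badfile"); return 1; }` followed by `size_t n = fread (str , 1 , sizeof str - 1 , badfile );` and `str [n ] = '\0' ;`, with an `fclose (badfile );` before `foo` is called since the handle is otherwise never closed. The `%.8x` prints with `(unsigned)` casts of pointers and the `movl %%ebp` inline asm also tie the file to 32-bit x86; `%p` would print the addresses portably, though the asm would still need a 64-bit variant.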