I'm trying to learn exploitation
I'm trying to learn exploitation on Ubuntu. I started with buffer overflows; this is my code:
#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[])
{
    int value = 5;
    char buffer_one[8], buffer_two[8];

    /* argv[1] is dereferenced below, so require one argument */
    if (argc < 2) {
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 1;
    }

    strcpy(buffer_one, "one");
    strcpy(buffer_two, "two");
    printf("[+] befor 2 is at %p and have \'%s\'\n", (void *)buffer_two, buffer_two);
    printf("[+] befor 1 is at %p and have \'%s\'\n", (void *)buffer_one, buffer_one);
    printf("[+] befor value at %p and have %d (0x%08x)\n", (void *)&value, value, value);
    printf("\nstrcpy copying %d bytes into buffer_two\n\n", (int)strlen(argv[1]));
    /* deliberately unbounded copy: this is the overflow being studied */
    strcpy(buffer_two, argv[1]);
    printf("[+] after 2 is at %p and have \'%s\'\n", (void *)buffer_two, buffer_two);
    printf("[+] after 1 is at %p and have \'%s\'\n", (void *)buffer_one, buffer_one);
    printf("[+] after value at %p and have %d (0x%08x)\n", (void *)&value, value, value);
    return 0;
}
I compile it with the command:
gcc -o overflow overflow.c
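Now my problem starts.
Instead of putting all the variables in the proper places in memory (the first one written would be at the highest memory address and the last at the lowest, so that when I fill the last variable with garbage it overwrites all the variables), their order is strange, and the first one inserted is the lowest.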
[+] befor 2 is at 0x7fffdb76e5f0 and have 'two'
[+] befor 1 is at 0x7fffdb76e5e0 and have 'one'
[+] befor value at 0x7fffdb76e5dc and have 5 (0x00000005)
strcpy copying 8 bytes into buffer_two
[+] after 2 is at 0x7fffdb76e5f0 and have ''
[+] after 1 is at 0x7fffdb76e5e0 and have 'one'
[+] after value at 0x7fffdb76e5dc and have 5 (0x00000005)
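The linker is free to do as it sees fit. –
Regarding the crash, the adjustment and the malloc'd space: that behaviour is called undefined behaviour (https://en.wikipedia.org/wiki/Undefined_behavior); it never says that it will definitely crash. There is no guarantee of consistent behaviour. – Abhineet
How can I make it put them in the right order for me to practise? –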
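On the question of getting a predictable order: separate local variables may be placed and padded however the compiler chooses, but members of a struct are laid out in declaration order. The following is an added example, not part of the original thread; the names `struct frame`, `copy_reach` and `copy_checked` are made up for illustration. It computes from the layout which neighbouring member an unchecked copy into `buffer_two` would reach, and shows a bounded copy that rejects such input.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative layout: struct members sit at increasing addresses in
   declaration order, which separate local variables do not guarantee. */
struct frame {
    char buffer_two[8];
    char buffer_one[8];
    int  value;
};

/* Furthest member touched by an unchecked string copy of `len` characters
   into buffer_two: 0 = buffer_two only, 1 = buffer_one, 2 = value or beyond. */
int copy_reach(size_t len)
{
    size_t written = len + 1;                 /* the NUL terminator counts */
    if (written <= offsetof(struct frame, buffer_one)) return 0;
    if (written <= offsetof(struct frame, value))      return 1;
    return 2;
}

/* Bounded copy: rejects input that does not fit and leaves dst untouched. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (len >= dst_size) return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

int main(int argc, char *argv[])
{
    struct frame f = { "two", "one", 5 };
    const char *input = argc > 1 ? argv[1] : "AAAAAAAA"; /* constructed sample */

    printf("offsets: buffer_two=%zu buffer_one=%zu value=%zu\n",
           offsetof(struct frame, buffer_two),
           offsetof(struct frame, buffer_one),
           offsetof(struct frame, value));
    printf("unchecked copy of %zu chars would reach member %d\n",
           strlen(input), copy_reach(strlen(input)));
    if (copy_checked(f.buffer_two, sizeof f.buffer_two, input) != 0)
        puts("rejected: input does not fit in buffer_two");
    printf("buffer_two='%s' buffer_one='%s' value=%d\n",
           f.buffer_two, f.buffer_one, f.value);
    return 0;
}
```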