    leal -4(%ebp),%ebx
    pushl %ebx
    call gets

    Save %ebp on stack
    Allocate space on stack
    Save %ebx
    Allocate more space on stack
    Compute buf as %ebp-4
    Push buf on stack
    Call gets

We can see in this example that the program allocates a total of 32 bytes (lines 4 and 6) for local storage. However, the location of character array buf is computed as just four bytes below %ebp (line 7). Figure 3.27 shows the resulting stack structure. As can be seen, any write to buf through buf will cause the saved value of %ebp to be corrupted. When the program later attempts to restore this as the frame pointer, all subsequent stack references will be invalid. Any write to buf through buf will cause the return address to be corrupted. When the ret instruction is executed at the end of the function, the program will "return" to the wrong address.

As this example illustrates, buffer overflow can cause a program to seriously misbehave. Our code for echo is simple but sloppy. A better version involves using the function fgets, which includes as an argument a count on the maximum number of bytes to read. Homework problem 3.37 asks you to write an echo function that can handle an input stri...
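The fgets approach mentioned above, as an added example that is not code from the original text: a bounded line reader that never writes past the buffer, reports truncation, and discards the excess instead of letting it spill into neighbouring stack slots. The names read_line_bounded, echo_all, echo_stats, BUFSIZE and SAMPLE are assumptions of this sketch, and the input is constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define BUFSIZE 8   /* assumed demo size; any fixed size behaves the same */
#define SAMPLE "hi\n1234567\n12345678\nAAAAAAAAAAAAAAAAAAAAAAAA\nok\n" /* constructed */

struct echo_stats { int lines, truncated; };

/* Read one line into buf (capacity cap, NUL included) without ever writing
 * past it. Returns characters stored, or -1 at end of input. *truncated is
 * set when the line did not fit and the excess was discarded. */
long read_line_bounded(FILE *in, char *buf, size_t cap, int *truncated)
{
    *truncated = 0;
    if (cap == 0 || cap > INT_MAX || fgets(buf, (int)cap, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[--len] = '\0';           /* whole line fit: strip the newline */
        return (long)len;
    }
    /* No newline stored: the line ended at EOF or was too long. Drain the
     * rest so the excess is not read back as the next "line". */
    int c;
    while ((c = fgetc(in)) != EOF && c != '\n')
        *truncated = 1;
    return (long)len;
}

/* Echo each line of text through a BUFSIZE-byte buffer and count results. */
struct echo_stats echo_all(const char *text, FILE *out)
{
    struct echo_stats st = {0, 0};
    char buf[BUFSIZE];
    int cut;
    FILE *in = tmpfile();            /* stands in for stdin */
    if (in == NULL) return st;
    fputs(text, in);
    rewind(in);
    while (read_line_bounded(in, buf, sizeof buf, &cut) >= 0) {
        st.lines++;
        st.truncated += cut;
        if (out) fprintf(out, "%s%s\n", buf, cut ? " [truncated]" : "");
    }
    fclose(in);
    return st;
}

int main(void) { echo_all(SAMPLE, stdout); return 0; }
```

A line of exactly BUFSIZE-1 characters fits and is not flagged; only longer lines are cut, and the line count stays equal to the number of input lines because the excess is drained.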
- Spring '10
- The American