Solution-hw7 - 14 return false 15 memcpy(src packet ptr1 packet 16 src[ptr1 packet = 0 17 return true 18 19 20 void report_log(dst 21 char log[1024

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
Homework 7 Solution I Buffer overflow The following code segment is extracted from the Green Dam. Which line code will cause buffer overflow? Why and give your solution to fix such bug? 1) which line? Line 22 2) why? When the length of src equal to URL_LEN_LIMIT, then the length of dst = 1000 + 13. Therefore, at line 22 the length of log is 1000+13+20 + 1=1034 > 1024. 3) how to fix? fix line 21: char log[1034] // at least 1034 fix line 1: const int URL_LEN_LIMIT = 990; //no more than 990. II Pointer Fill in the following declares in C program style. 1) int * a[10] // an array of size 10 pointers to integers 2) int **a _________ // a pointer to a pointer to an integer 1 const int URL_LEN_LIMIT = 1000; 2 void func1(const char* packet) { 3 char src[1024], dst[1024]; 4 if (get_src(packet, src)) { 5 strcpy(dst, "Found bad URL"); 6 strcat(dst, src); 7 report_log(dst); 8 } 9 } 10 11 bool get_src(const char* packet, char* src) { 12 const char* ptr1 = strstr(packet, "XXXX"); 13 if (ptr1 - packet < 0 || ptr1 - packet > URL_LEN_LIMIT)
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Background image of page 2
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: 14 return false; 15 memcpy(src, packet, ptr1 - packet); 16 src[ptr1 - packet] = 0; 17 return true; 18 } 19 20 void report_log(dst) { 21 char log[1024]; 22 sprintf(log, "[%2d-%2d-2d %2d:%2d:%2d] %s", . .., dst); 23 } 3) int (*a[5])(float) _________ //an array of size 5 pointers to functions which take a float argument and return an integer III Float pointer Consider the following 16-bit floating point representation based on the IEEE floating point format: There is a sign bit in the most significant bit. The next k = 5 bits are the exponent. The last n= 10 bits are the fractional part. Bias is 15. Numeric values are encoded in this format as a value of the form (-1) s * M * 2 E , where s is the sign bit, E is exponent after biasing, and M is the significand. Fill the following table for this floating point representation. Description E M Value 0 -14 Smallest denorm -14 1/1024 1/2^24 Largest denorm -14 1023/1024 1023/2^24 Smallest norm -14 1 1/16384 or 1/2^14 1 1 1 Largest norm 15 2047/1024 65504...
View Full Document

This note was uploaded on 10/19/2011 for the course CS 000 taught by Professor Jing during the Fall '10 term at Fudan University.

Page1 / 2

Solution-hw7 - 14 return false 15 memcpy(src packet ptr1 packet 16 src[ptr1 packet = 0 17 return true 18 19 20 void report_log(dst 21 char log[1024

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online