From: j.neuschaefer@gmx.net (Jonathan Neuschäfer)
To: kernelnewbies@lists.kernelnewbies.org
Subject: how setbuf is working in c program
Date: Mon, 6 Jun 2011 17:24:48 +0200
Message-ID: <20110606152447.GG15862@debian.debian>
In-Reply-To: <4DECE5B3.3030801@msys-tech.com>
On Mon, Jun 06, 2011 at 08:05:31PM +0530, Prabhu wrote:
> Hi all,
>
> I am writing a user-space driver. My intention is to print whatever
> string I enter into the terminal.
>
> Here I am using the setbuf function to send the data to the print after
> some fixed string length.
>
> I wrote the program below to understand setbuf functionality. But I am
> getting unpredictable results for some output. Can anyone explain
> why I am getting these results?
>
> root at desktop:/home/prabhu# cat a.c
> #include <stdio.h>
> main()
> {
> char buff2[]= "hello world";
> char buf1[6]="";
From the manpage:

    You must make sure that the space that buf points to still
    exists by the time stream is closed, which also happens at
    program termination. For example, the following is invalid:

    #include <stdio.h>
    int main(void)
    {
        char buf[BUFSIZ];
        setbuf(stdin, buf);
        printf("Hello, world!\n");
        return 0;
    }

In addition setbuf assumes the buffer to be BUFSIZE big.
> setbuf(stdin, buf1);
> getchar();
> printf ("%s",buf1);
Do you really want to print buf1 here?
> }
>
>
> root at desktop:/home/prabhu# cc a.c
[ don't shoot yourself in the foot, root ]
> root at desktop:/home/prabhu# ./a.out
> a
> a
> root at desktop:/home/prabhu# ./a.out
> aa
> aa
> root at desktop:/home/prabhu# ./a.out
> aaa
> aaa
Here you're just lucky you found some zeros on the stack. You generally
_cannot_ predict what you will find on the stack, if you didn't write to
it in the same function (or a function called by it).
(buf1 now contains {'a', 'a', 'a', '\n', zero, something_likely_zero})
> root at desktop:/home/prabhu# ./a.out
> aaaa
> aaaa
> root at desktop:/home/prabhu# ./a.out
> aaaaa
> aaaaa
> hello worldroot at desktop:/home/prabhu# ./a.out
You seem to have a stack layout like this:
[ buf1 ] [ buf2 ]
stdio now tries to write "aaaaa\n" (without null-termination) into buf1.
printf sees this: "aaaaa\nhello world\0", and, of course, prints everything
up to the \0.
Btw, your program has severe security vulnerabilities; try feeding it long
(> 18 chars) strings or strings containing printf format specifiers :-).
> aaaaaa
> aaaaaa
> ello worldroot at desktop:/home/prabhu# ./a.out
> aaaaaaa
> aaaaaaa
> llo worldroot at desktop:/home/prabhu# ./a.out
> aaaaaaaa
> aaaaaaaa
> lo worldroot at desktop:/home/prabhu# ./a.out
> aaaaaaaaa
> aaaaaaaaa
> o worldroot at desktop:/home/prabhu# ./a.out
> aaaaaaaaaa
> aaaaaaaaaa
> worldroot at desktop:/home/prabhu# ./a.out
> aaaaaaaaaaa
> aaaaaaaaaaa
Thanks / HTH,
Jonathan Neuschäfer
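
A bounded version of the program discussed in this thread, as an added example that is not part of either message: the stdio buffer has static storage and its real size is passed to setvbuf, and input is copied out through fgets and printed with a fixed "%s" format. The names attach_buffer, read_line and open_sample are hypothetical; open_sample only builds constructed input so the code can be exercised without a terminal.

```c
#include <stdio.h>
#include <string.h>

/* Static storage: still exists when the stream is closed at program exit.
 * Attach it to only one open stream at a time. */
static char iobuf[BUFSIZ];

/* Attach iobuf to fp. Call before any other I/O on fp. Returns 0 on success. */
int attach_buffer(FILE *fp)
{
    /* setvbuf is told the real size; setbuf assumes BUFSIZ bytes. */
    return setvbuf(fp, iobuf, _IOFBF, sizeof iobuf);
}

/* Copy one line into out: at most outsz-1 chars, always NUL-terminated.
 * Returns the length, or -1 on EOF/error. Excess input stays in the stream. */
int read_line(FILE *fp, char *out, size_t outsz)
{
    if (outsz == 0 || fgets(out, (int)outsz, fp) == NULL)
        return -1;
    out[strcspn(out, "\n")] = '\0';      /* drop the newline if present */
    return (int)strlen(out);
}

/* Constructed input for offline runs (hypothetical helper): a temp file
 * with iobuf attached before the first write, rewound for reading. */
FILE *open_sample(const char *text)
{
    FILE *fp = tmpfile();
    if (fp == NULL)
        return NULL;
    if (attach_buffer(fp) != 0 || fputs(text, fp) == EOF) {
        fclose(fp);
        return NULL;
    }
    rewind(fp);
    return fp;
}

int main(void)
{
    char line[6];                         /* same size as buf1 in a.c */

    if (attach_buffer(stdin) != 0)
        return 1;
    if (read_line(stdin, line, sizeof line) >= 0)
        printf("%s\n", line);             /* input is data, never the format */
    return 0;
}
```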