From: Lorenzo Beretta <lory.fulgi@infinito.it>
To: linux-c-programming@vger.kernel.org
Subject: Re: pass a local variable to a function
Date: Wed, 25 Mar 2009 18:17:41 +0100
Message-ID: <gqdovn$pku$1@ger.gmane.org>
In-Reply-To: <56b13acf0903250921w1934942bma7280055c97a9db3@mail.gmail.com>
明亮 wrote:
> Hi guys,
>
> This is my first email in this list, any help is much appreciated.
> As I know, it's not allowed to pass a local variable to a function,
> because the stack where local variable resides will be reused by other
> functions.
> eg:
> 1 #include <stdio.h>
> 2
> 3 char *fetch();
> 4
> 5 int main(int argc, char *argv[]){
> 6 char *string;
> 7 string = fetch();
> 8 printf("%s\n", string);
> 9 exit(0);
> 10 }
> 11
> 12 char *fetch(){
> 13 char string[10];
> 14 scanf("%s", string);
> 15 return string;
> 16 }
>
> When the application is executed, after input "a", it will produce
> unknown characters, like "8Šè¿ôÿO". Which is like what I expect
>
> However, if I change line 13 to:
> 13 char string[1024];
>
> When I type "a", it echos "a", which is out of my expectation
>
> Why does it behave like this?
>
> Thanks in advance,
> longapple
> --
> To unsubscribe from this list: send the line "unsubscribe linux-c-programming" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
Try something like this
------
#include <stdio.h>

/* Print the address of a local at each recursion depth. */
void p(int n){
    int onstack;
    printf("%p\n", (void *)&onstack);
    if(n>0) p(n-1);
}

int main(){
    p(5);
    return 0;
}
------
It should (system dependent) print a sequence of decreasing hex numbers;
that's because each time you call a function on your computer, the local
stack grows downwards.

When you scanf() into a character array, it writes into the first
characters of your array, that is string[0], then string[1], and so on:
notice that the address of string[1] is GREATER than the address of
string[0]...

Summing up, there are two cases (assume that X stands for "any value"):
1) string[10]
==> { X, X, X, X, X, X, X, X, '\0', 'a' }
2) string[1024]
==> { X, X, X, (long sequence of garbage)..., '\0', 'a' }

When you call printf(), the printf function overwrites some bytes for
its own stack variables: if it takes more than 10 bytes (e.g. 42), the
small array will be completely overwritten, while with the big array it
will only overwrite string[1023...980] (which was garbage anyway!),
leaving string[0...979] intact.

I hope that was helpful; try googling "buffer overflow" for more info
lb
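
A corrected form of the fetch() discussed in this thread, as an added example (not code from either poster): the caller owns the buffer, so nothing points into a dead stack frame, and the read is bounded instead of using scanf("%s"). The names fetch_into and fetch_from_sample are hypothetical, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical replacement for fetch(): reads one line into a buffer the
 * caller owns. fgets() never writes more than `size` bytes.
 * Returns 0 on success, 1 if the line was cut short, -1 on EOF/error. */
int fetch_into(char *buf, size_t size, FILE *in)
{
    if (buf == NULL || size == 0 || in == NULL)
        return -1;
    if (fgets(buf, (int)size, in) == NULL) {
        buf[0] = '\0';
        return -1;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* complete line: drop the newline */
        return 0;
    }
    /* No newline stored: discard the rest of the line so the next call
     * starts clean, and report whether any input was actually dropped. */
    int truncated = 0;
    for (int c = fgetc(in); c != EOF && c != '\n'; c = fgetc(in))
        truncated = 1;
    return truncated;
}

/* Feeds constructed sample input through a temporary file so the example
 * runs without a terminal. Returns fetch_into()'s result. */
int fetch_from_sample(const char *input, char *buf, size_t size)
{
    FILE *fp = tmpfile();
    if (fp == NULL)
        return -1;
    fputs(input, fp);
    rewind(fp);
    int rc = fetch_into(buf, size, fp);
    fclose(fp);
    return rc;
}

int main(void)
{
    char string[10];                    /* lives in main()'s frame */
    int rc = fetch_from_sample("a\n", string, sizeof string);
    printf("rc=%d string=\"%s\"\n", rc, string);
    rc = fetch_from_sample("0123456789ABCDEF\n", string, sizeof string);
    printf("rc=%d string=\"%s\"\n", rc, string);
    return 0;
}
```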