* Re: array size 1 ?
From: Gre Taguran @ 2004-07-21 2:27 UTC (permalink / raw)
To: linux-c-programming
I think it's not an array of 1 but instead an array of 2, with indexes 0 and 1. Maybe
it is because you were thinking that the last array index (in this case 1) is
null, but that is only applicable when handling strings, because a string needs a
terminator. Ex.:
char tst[1];
tst[0]='g';
tst[1]='r';
printf("%s",tst); //this would print gr<and more chars here because it is not terminated
printf("%c%c", tst[0], tst[1]); //this will print gr meaning tst[1] is allocated by 'r'
Try this out.
>Hi,
>What does an array of size 1 mean? or maybe I might be putting it wrong, so
>here's the declaration -
>
>struct option_state {
> int refcnt;
> int universe_count;
> int site_universe;
> int site_code_min;
> VOIDPTR universes[1];
>};
>
>(code from ISC DHCP sources includes/dhcpd.h)
>
>What does universes[1] mean here?
>
>Thanks.
>-Anshu
GRETAGS
http://www.sni.ph/~gtaguran
Research & Software Development
SNI Phils. CDO
Tel no. 8585773/720011
--
Message sent using e-Finity WebMail 2.0
System Net International, Philippines, Inc.
an affiliate of SNI, Virginia, USA
www.sni.ph www.sni-inc.com
* Re: array size 1 ?
From: Luiz Fernando N. Capitulino @ 2004-07-21 2:57 UTC (permalink / raw)
To: Gre Taguran; +Cc: linux-c-programming
Hi Gre,
On Wed, 21 Jul 2004 10:27:35 +0800
"Gre Taguran" <gtaguran@sni.ph> wrote:
| I think it's not an array of 1 but instead an array of 2, with indexes 0 and 1.
Wrong.
K&R defines an array as: array[length]
So, if you define an array as:
int luiz[10]
You will have 10 memory cells for it, and if you do:
int luiz[1]
You will have one memory cell.
But, the _access_ is made from 0, so for the first example, we have:
luiz[0], luiz[1], luiz[2]... luiz[9].
For the second, just:
luiz[0].
| Maybe
| it is because you were thinking that the last array index (in this case 1) is
| null, but that is only applicable when handling strings, because a string needs a
| terminator. Ex.:
|
| char tst[1];
| tst[0]='g';
| tst[1]='r';
| printf("%s",tst); //this would print gr<and more chars here because it is not terminated
| printf("%c%c", tst[0], tst[1]); //this will print gr meaning tst[1] is allocated by 'r'
The program:
char tst[1];
tst[0]='g';
tst[1]='r';
printf("%c %c\n", tst[0], tst[1]);
compiles and works here! But to be honest, I don't know why. I can prove it is
an odd case, because this also works (here):
char tst[1];
tst[0]='g';
tst[1]='r';
tst[2]='z';
printf("%c %c %c\n", tst[0], tst[1], tst[2]);
PS: GCC compiled.
--
Luiz Fernando
* Re: array size 1 ?
From: joy @ 2004-07-21 3:17 UTC (permalink / raw)
To: linux-c-programming
Luiz Fernando N. Capitulino wrote:
> The program:
>
> char tst[1];
> tst[0]='g';
> tst[1]='r';
>
> printf("%c %c\n", tst[0], tst[1]);
>
> compiles and works here! But to be honest, I don't know why. I can prove it is
>an odd case, because this also works (here):
>
>
>
Correct me if I'm wrong, but I feel that the code you have written is
the classic case of a buffer overflow.
C (I think) does not check array boundaries and leaves this work
to be done by the programmer.
This is the basis of all those nasty worms running free!
> char tst[1];
> tst[0]='g';
> tst[1]='r';
> tst[2]='z';
>
> printf("%c %c %c\n", tst[0], tst[1], tst[2]);
>
>PS: GCC compiled.
>
>
>
* Re: array size 1 ?
From: Eric Bambach @ 2004-07-21 3:18 UTC (permalink / raw)
To: linux-c-programming
On Tuesday 20 July 2004 09:57 pm, you wrote:
Sorry Luiz, meant to send this to the list. Doh.....
> compiles and works here! But to be honest, I don't know why. I can prove it is
> an odd case, because this also works (here):
>
> char tst[1];
> tst[0]='g';
> tst[1]='r';
> tst[2]='z';
>
> printf("%c %c %c\n", tst[0], tst[1], tst[2]);
>
> PS: GCC compiled.
I think small overflows like this will work because arrays are allocated in
multiples of the word size for the architecture. So char
ar[1];
gets 4 bytes, as does char ar[2], char ar[3] and char ar[4].
char ar[5] will get 8 bytes. So with ar[1] and ar[5] you can stuff up to 3
more characters until you overwrite critical parts of the stack. It's not an
error per se, because the space is given to the array, but it's a horrible
thing to do in practice.
Someone correct me if I'm wrong; I'm typing this for the sake of teaching and
learning myself.
--
-EB
* Re: array size 1 ?
From: canbaby @ 2004-07-21 3:19 UTC (permalink / raw)
To: Luiz Fernando N. Capitulino; +Cc: Gre Taguran, linux-c-programming
Luiz Fernando N. Capitulino wrote:
> Hi Gre,
>
>On Wed, 21 Jul 2004 10:27:35 +0800
>"Gre Taguran" <gtaguran@sni.ph> wrote:
>
>| I think it's not an array of 1 but instead an array of 2, with indexes 0 and 1.
>
> Wrong.
>
> K&R defines an array as: array[length]
>
> So, if you define an array as:
>
> int luiz[10]
>
> You will have 10 memory cells for it, and if you do:
>
> int luiz[1]
>
> You will have one memory cell.
>
> But, the _access_ is made from 0, so for the first example, we have:
>
> luiz[0], luiz[1], luiz[2]... luiz[9].
>
> For the second, just:
>
> luiz[0].
>
>| Maybe
>| it is because you were thinking that the last array index (in this case 1) is
>| null, but that is only applicable when handling strings, because a string needs a
>| terminator. Ex.:
>|
>| char tst[1];
>| tst[0]='g';
>| tst[1]='r';
>| printf("%s",tst); //this would print gr<and more chars here because it is not terminated
>| printf("%c%c", tst[0], tst[1]); //this will print gr meaning tst[1] is allocated by 'r'
>
> The program:
>
> char tst[1];
> tst[0]='g';
> tst[1]='r';
>
> printf("%c %c\n", tst[0], tst[1]);
>
> compiles and works here! But to be honest, I don't know why. I can prove it is
>an odd case, because this also works (here):
>
> char tst[1];
> tst[0]='g';
> tst[1]='r';
> tst[2]='z';
>
> printf("%c %c %c\n", tst[0], tst[1], tst[2]);
>
>PS: GCC compiled.
>
>
>
But your code went over the array bound; the consequence is risky.
I think GCC should detect the index value.
* Re: array size 1 ?
From: Glynn Clements @ 2004-07-21 3:38 UTC (permalink / raw)
To: Luiz Fernando N. Capitulino; +Cc: Gre Taguran, linux-c-programming
Luiz Fernando N. Capitulino wrote:
> The program:
>
> char tst[1];
> tst[0]='g';
> tst[1]='r';
>
> printf("%c %c\n", tst[0], tst[1]);
>
> compiles and works here! but to be honest, I don't why.
The above code writes beyond the bounds of the array. It works because
the space which you are overwriting doesn't happen to be used for
anything. C doesn't perform bounds checking on array accesses.
In all probability, the compiler aligns the array to a 32-bit (4-byte)
boundary, so there are three unused bytes after the array. If you
wrote to tst[4], you would typically overwrite the saved frame pointer
(you would get away with this in a trivial test program, but not in a
real program). If you wrote to tst[8], you would typically overwrite
the return address, which would result in an exception.
If you write outside of an array's bounds, the result is "undefined".
It might work, it might crash, it might do just about anything.
--
Glynn Clements <glynn.clements@virgin.net>
* Re: array size 1 ?
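Glynn's point applied to the declaration that started the thread, as an added example (not from the original posts, and not ISC DHCP's own code): a struct whose trailing one-element array is sized when the object is allocated, with the bounds check that C itself never performs. VOIDPTR as a plain void *, the allocation pattern and the function names are assumptions.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed mirror of the struct option_state declaration quoted in the thread
 * (ISC DHCP includes/dhcpd.h); VOIDPTR is assumed here to be a plain void *. */
typedef void *VOIDPTR;
struct option_state {
    int refcnt;
    int universe_count;
    int site_universe;
    int site_code_min;
    VOIDPTR universes[1];   /* declared with one element; see declared_slots() */
};

/* Assumed allocation pattern (not taken from ISC's code): reserve `count` slots
 * after the fixed fields. offsetof() ignores any padding after universes[0],
 * and the size arithmetic is checked before it can wrap. */
struct option_state *option_state_new(size_t count)
{
    if (count == 0 || count > INT_MAX || count > SIZE_MAX / sizeof(VOIDPTR))
        return NULL;
    size_t bytes = offsetof(struct option_state, universes) + count * sizeof(VOIDPTR);
    struct option_state *st = calloc(1, bytes);
    if (st == NULL)
        return NULL;
    st->refcnt = 1;
    st->universe_count = (int)count;   /* the real length lives in the struct */
    return st;
}

/* Bounds-checked store: C will not stop universes[idx] from leaving the
 * allocation, so the check against universe_count has to be explicit.
 * Returns 0 on success, -1 when idx is past the slots actually reserved. */
int option_state_set(struct option_state *st, size_t idx, VOIDPTR p)
{
    if (st == NULL || idx >= (size_t)st->universe_count)
        return -1;
    st->universes[idx] = p;
    return 0;
}

/* What the declaration alone provides: sizeof reports 1 element, which is why
 * tst[1] in the thread's char tst[1] example is already out of bounds. */
size_t declared_slots(void)
{
    char tst[1];
    return sizeof tst / sizeof tst[0];
}
```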
From: Luiz Fernando N. Capitulino @ 2004-07-21 12:07 UTC (permalink / raw)
To: eric; +Cc: linux-c-programming
On Tue, 20 Jul 2004 22:17:43 -0500
Eric Bambach <eric@cisu.net> wrote:
| > The program:
| >
| > char tst[1];
| > tst[0]='g';
| > tst[1]='r';
| >
| > printf("%c %c\n", tst[0], tst[1]);
| >
| > compiles and works here! But to be honest, I don't know why. I can prove it is
| > an odd case, because this also works (here):
| >
| > char tst[1];
| > tst[0]='g';
| > tst[1]='r';
| > tst[2]='z';
| >
| > printf("%c %c %c\n", tst[0], tst[1], tst[2]);
| >
| > PS: GCC compiled.
|
|
| I think small overflows like this will work because arrays are allocated in
| multiples of the word size for the architecture. So char
| ar[1];
| gets 4 bytes, as does char ar[2], char ar[3] and char ar[4].
| char ar[5] will get 8 bytes. So with ar[1] and ar[5] you can stuff up to 3
| more characters until you overwrite critical parts of the stack. It's not an
| error per se, because the space is given to the array, but it's a horrible
| thing to do in practice.
Oh yeah, the best practice is to write right code. :-)
--
Luiz Fernando
* Re: array size 1 ?
From: Luiz Fernando N. Capitulino @ 2004-07-21 12:10 UTC (permalink / raw)
To: gracecott; +Cc: linux-c-programming
On Wed, 21 Jul 2004 08:47:11 +0530
joy <gracecott@sancharnet.in> wrote:
| Luiz Fernando N. Capitulino wrote:
|
| > The program:
| >
| > char tst[1];
| > tst[0]='g';
| > tst[1]='r';
| >
| > printf("%c %c\n", tst[0], tst[1]);
| >
| > compiles and works here! But to be honest, I don't know why. I can prove it is
| >an odd case, because this also works (here):
| >
| >
| >
| Correct me if I'm wrong, but I feel that the code you have written is
| the classic case of a buffer overflow.
Yes, you're right.
I did it to show Greg that even if the program with buf[1], indexed with
buf[1], works, it is wrong.
--
Luiz Fernando