Fatal编程技术网
  • c/
  • C 为什么我的';缓冲区溢出';程序在Windows上不会导致缓冲区溢出,但在Linux上使用该程序时是否会溢出?

C 为什么我的';缓冲区溢出';程序在Windows上不会导致缓冲区溢出,但在Linux上使用该程序时是否会溢出?

c

C 为什么我的';缓冲区溢出';程序在Windows上不会导致缓冲区溢出,但在Linux上使用该程序时是否会溢出?,c,overflow,C,Overflow,我目前正在学习缓冲区溢出,并编写了一个C语言中使用两个缓冲区的示例,缓冲区2被故意认为具有超出其应能处理的字节数,但在Windows中不知何故,它表明,额外的字节仍然在缓冲区2中,而缓冲区1在被覆盖时仍然保持其原始字节的完整性。我注意到的唯一变化是,我添加了两倍于缓冲区可占用的字节数,这导致缓冲区1完全为空 然而,当我在Linux计算机上执行完全相同的程序时,缓冲区1被缓冲区2的多余字节成功溢出。所以我的问题是:Windows中发生了什么事情阻止了我获得相同的输出?如果可能,我如何修复它 #in

我目前正在学习缓冲区溢出,并编写了一个C语言中使用两个缓冲区的示例,缓冲区2被故意认为具有超出其应能处理的字节数,但在Windows中不知何故,它表明,额外的字节仍然在缓冲区2中,而缓冲区1在被覆盖时仍然保持其原始字节的完整性。我注意到的唯一变化是,我添加了两倍于缓冲区可占用的字节数,这导致缓冲区1完全为空

然而,当我在Linux计算机上执行完全相同的程序时,缓冲区1被缓冲区2的多余字节成功溢出。所以我的问题是:Windows中发生了什么事情阻止了我获得相同的输出?如果可能,我如何修复它

#include <stdio.h>
#include <string.h>

[int main(int argc, char *argv\[\]){
    int value = 5;
    char buffer_one\[8\], buffer_two\[8\];
    
 strcpy(buffer_one, "one"); /* Put "one" into buffer_one. */
 strcpy(buffer_two, "two"); /* Put "two" into buffer_two. */
 
 printf("\[BEFORE\] buffer_two is at %p and contains \'%s\'\n", buffer_two, buffer_two);
 printf("\[BEFORE\] buffer_one is at %p and contains \'%s\'\n", buffer_one, buffer_one);
 printf("\[BEFORE\] value is at %p and is %d (0x%08x)\n", &value, value, value);
 
 printf("\n\[STRCPY\] copying %d bytes into buffer_two which has %d bytes \n\n", strlen(argv\[1\]), sizeof(buffer_two));
 strcpy(buffer_two, argv\[1\]); /* Copy first argument into buffer_two. */
 
 printf("SIZE OF BUFFER_TWO: %d\n", sizeof(buffer_two));
 printf("IN BUFFER 2: %d bytes\n", strlen(buffer_two));
 printf("IN BUFFER 1: %d bytes\n", strlen(buffer_one));
 
 printf("\[AFTER\] buffer_two is at %p and contains \'%s\'\n", buffer_two, buffer_two);
 printf("\[AFTER\] buffer_one is at %p and contains \'%s\'\n", buffer_one, buffer_one);
 printf("\[AFTER\] value is at %p and is %d (0x%08x)\n", &value, value, value);
}
写入已分配内存是未定义的行为。“未定义的行为”应该做什么?缓冲区在Windows中也溢出,但由于变量在Windows上的排列可能不同,溢出没有产生您预期的结果。不管怎样:未定义的行为包括“显然工作正常”和“超出我预期的事情”。 
**The Execution Commands**

overflow 123456789012345

**The output:**

[BEFORE] buffer_two is at 000000000062FE00 and contains 'two'
[BEFORE] buffer_one is at 000000000062FE10 and contains 'one'
[BEFORE] value is at 000000000062FE1C and is 5 (0x00000005)

[STRCPY] copying 15 bytes into buffer_two which has 8 bytes

SIZE OF BUFFER_TWO: 8
IN BUFFER 2: 15
IN BUFFER 1: 3
[AFTER] buffer_two is at 000000000062FE00 and contains '123456789012345'
[AFTER] buffer_one is at 000000000062FE10 and contains 'one'
[AFTER] value is at 000000000062FE1C and is 5 (0x00000005)