Fatal编程技术网
  • pointers/
  • Pointers bss中的静态指针溢出

Pointers bss中的静态指针溢出

pointers

Pointers bss中的静态指针溢出,pointers,static,overflow,address-sanitizer,Pointers,Static,Overflow,Address Sanitizer,我正在使用关于bss中静态指针溢出的w00w00练习。我将缓冲区和缓冲区指针放入静态结构中,以强制溢出指针。否则,它会将指针放在和缓冲区之前,不会发生溢出 #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <string.h> #include <errno.h> #define BUFSIZE 16 #de

我正在使用关于bss中静态指针溢出的w00w00练习。我将缓冲区和缓冲区指针放入静态结构中,以强制溢出指针。否则,它会将指针放在和缓冲区之前,不会发生溢出

   #include <stdio.h>
   #include <stdlib.h>
   #include <unistd.h>
   #include <string.h>
   #include <errno.h>

   #define BUFSIZE 16
   #define ADDRLEN 4 /* # of bytes in an address */


int main()
   {
        u_long diff;
    struct buf {
    char buf[BUFSIZE];
    char *bufptr  ;
    } ;

    static struct buf a;

    a.bufptr = a.buf, diff = (u_long)a.buf - (u_long)&a.bufptr;

    printf("bufptr (%p) = %p, buf = %p, diff = 0x%x (%d) bytes\n",
            &a.bufptr,a.bufptr, a.buf, diff, diff);

    memset(a.buf, 'A', (u_int)(diff + ADDRLEN));

    printf("bufptr (%p) = %p, buf = %p, diff = 0x%x (%d) bytes\n",
            &a.bufptr, a.bufptr, a.buf, diff, diff);

      return 0;
   }
是否有标志或方法强制溢出

编辑: 我解决了这个问题。差异结果为-16。 我很生气它看起来像这样

diff = (u_long)&a.bufptr - (u_long)a.buf
现在它可以正常工作了

尝试大于结构大小但不足以解释为负数的大小:

memset(a.buf, 'A', 1024);
另外,请确保使用
-fno common
进行编译,如中所述

memset(a.buf, 'A', 1024);