stack-overflow

Article can be found here . I'm reading up on smashing the stack and have found myself to be getting stuck on example3.c. 0x80004a3 <main+19>: call 0x8000470 <function> 0x80004a8 <main+24>: addl $0xc,%esp 0x80004ab <main+27>: movl $0x1,0xfffffffc(%ebp) 0x80004b2 <main+34>: movl 0xfffffffc(%ebp),%eax The author indicates that we want to skip from 0x80004a8 to 0x80004b2 and that this jump is 8 bytes; how has the author determined this is 8 bytes? I have recreated the code and sent it through objdump and found that it's not 8 bytes (I am on a 64 bit machine but I've made sure to compile using 32

My Mono application crashes on Mac with this message ( Full log ): $ mono --debug bin/Debug/SparkleShare.app/Contents/MonoBundle/SparkleShare.exe [...] Stack overflow in unmanaged: IP: 0x26eb76, fault addr: 0xbf808ffc [...] "in unmanaged" implies that the stack overflow is not in my code (I only have managed code) but rather in a library I embed ( SQLite, DotCmis, NewtonSoft.Json ) or in Mono's code. Even though I compile and run in Debug mode, all I get is these two hexadecimals. QUESTION: How can I investigate this stack overflow? Any trick? Note: The same libraries (with pretty much the

struct MemBlock { char mem[1024]; MemBlock operator*(const MemBlock &b) const { return MemBlock(); } } global; void foo(int step = 0) { if (step == 10000) { global = global * MemBlock(); } else foo(step + 1); } int main() { foo(); return 0; } Program received signal SIGSEGV, Segmentation fault. 0x08048510 in foo (step=4000) at t.cpp:12 12 void foo(int step = 0) { It seems that the MemBlock() instance costs a lot of stack memory though it hasn't been called yet (check gdb info). And when I use global = global * global instead, the program exits normally. Can anybody explain the inner mechanism?

If you write int m[1000000]; inside the main function of C/C++, it will get a runtime error for stack overflow. Instead if you write vector<int> m; and then push_back 1000000 elements there, it will run fine. I am very curious about why this is happening. They both are local memory, aren't they? Thanks in advance. Yes, the vector itself is an automatic (stack) object. But the vector holds a pointer to its contents (an internal dynamic array), and that will be allocated on the heap (by default). To simplify a little, you can think of vector as doing malloc / realloc or new[] calls internally

After some research i haven't found any paper describing method to do this (no even an unreliable one). It seems that SSP (StackSmashing Protection)/Propolice Canary's are a very good security measure for protecting against some buffer overflows. Over the years various Canary implementations have been broken and then made more secure. What is important is that even despite advanced memory protection buffer overflows are still being exploited on Vista, Windows 7 and Fedora 11... One very important thing to mention is that Canary's only protect the function's call frame (which includes the

I have recently migrated to a new laptop - HP dv6119tx (Intel Core i5, 4 GB RAM). It has Windows 7 Home Premium 64 bit installed. I am trying to create an array of type int of length 10^6 in C++ (Dev C++), which I used to create comfortably on my last laptop (32 bit Windows 7 Ultimate/Ubuntu Linux, 2GB RAM) and every other environment I have programmed on (It should take around 3.5 MB of RAM). But with the current setup, I am getting a "Segmentation Fault" error in Debug Mode. SCREENSHOTS (EDIT) : The first screenshot shows 10^5 working on the current setup and 10^6 not. I do not have a

My MySQL looks like this: (the name of the table is category) 'id', 'content', 'parent' where: id = the id of the category content = some-text-we-dont-care-about parent = the id of the parent category this is what I'm trying right now: function remrecurs($id) { $qlist=mysql_query("SELECT * FROM category WHERE parent='$id'"); if (mysql_num_rows($qlist)>0) { while($curitem=mysql_fetch_array($qlist)) { remrecurs($curitem['parent']); } } mysql_query("DELETE FROM category WHERE id='$id'"); } Which for some reason doesnt work and crashes .. Any idea what I'm doing wrong ? The problem is in the