buffer-overflow

read() - Check buffer boundaries if used in a loop including recursive loops

若如初见. submitted on 2020-12-10 03:36:11

Question: I have this code and run it with Flawfinder, and I get this output on the read() functions: "Check buffer boundaries if used in a loop including recursive loops". Can anyone see the problem?

    #include <stdlib.h>
    #include <unistd.h>   /* read() */

    void func(int fd)
    {
        char *buf;
        size_t len;
        read(fd, &len, sizeof(len));
        if (len > 1024)
            return;
        buf = malloc(len+1);
        read(fd, buf, len);
        buf[len] = '\0';
    }

Answer 1: You should check the return value of read() to know whether the call to read() was a success or a failure or if read() was

Buffer overflow Attack (The Attack Lab phase 2)

六月ゝ 毕业季﹏ submitted on 2020-12-09 08:37:25

Question: I have a buffer overflow lab I have to do for a project called The Attack Lab. I'm on phase 2 of the lab, and I have to inject code as part of my exploit string in order to make the program point to the address of the function touch2(). I've gotten to the point where the output says that it's a valid solution for phase 2, but then it says I caused a seg fault and then says I failed the phase. This is the error message I receive:

    cookie: 0x2d6fc2d5
    Type string:Touch2!: You called touch2

How do canary words allow gcc to detect buffer overflows?

那年仲夏 submitted on 2020-07-03 09:45:52

Question: I could test using strncpy() with a larger source string than the destination:

    #include <stdlib.h>   /* malloc() */
    #include <string.h>   /* strcpy() */

    int main()
    {
        char *ptr = malloc(12);
        strcpy(ptr,"hello world!");
        return 0;
    }

Compiling with the flag -fstack-protector and using the -S option I got:

        .file   "malloc.c"
        .text
        .globl  main
        .type   main, @function
    main:
    .LFB2:
        .cfi_startproc
        pushq   %rbp
        .cfi_def_cfa_offset 16
        .cfi_offset 6, -16
        movq    %rsp, %rbp
        .cfi_def_cfa_register 6
        subq    $32, %rsp
        movl    %edi, -20(%rbp)
        movq    %rsi, -32(%rbp)
        movq    %fs:40, %rax
        movq    %rax, -8(

How should the heap-buffer-overflow error message be read?

不想你离开。 submitted on 2020-04-18 05:38:26

Question: I wanted to know how the following error message should be read. In particular: (1) What do things such as fa (heap left redzone) and fd (freed heap region) mean? (2) What is the significance of the 00s and 05s? (3) What is the significance of the memory block being pointed to (0x0c067fff8010)? (4) What is a wild pointer? (5) Why is the fa on the line with the memory block that has an arrow to it in square brackets ([fa])?

Compilation Command

    clang++ test.cpp -fsanitize=address -D_LIBCPP

how to clear serial buffer?

廉价感情. submitted on 2020-02-25 05:20:47

Question: I am receiving messages over a serial port from a micro-controller. I am using a baud rate of 9600. I have a program written using the win32 API that receives the messages. Sometimes it happens that I am not able to receive the messages and then suddenly a burst comes in when I press Ctrl+C. How do I clear the serial buffer so that I can avoid this flooding of data? Thank you

Answer 1: The PurgeComm function does that. When using serial ports in Windows, the Comm Port API reference is quite useful.

Source:
