Search code examples
c++pointersmemcpybuffer-overflow

Memcpy change the pointers?

My task is to exploit a program which has two lines of code of memcpy. So I'm now studying memcpy and just found this. 

int main() {
    char a[10] = "123456789";
    cout<<a<<endl;
    char b[5];
    memcpy(b, a, 10);
    cout<<a<<endl;
    cout<<a-5<<endl;
    cout<<b<<endl;
}

and the output will be:

123456789
6789
123456789
123456789

Any idea Why the pointer of a changed here?

Solution
    1. a is an array, not a pointer. On the stack, there's a significant difference, which I describe in my answer here.
    2. a is higher than b on the stack, so when you copy 10 bytes from a to b, you have gone 5 bytes off the end of b and replaced the first 5 bytes of a. Note that this specific behavior is highly dependent on the compiler flags and the compiler version, and is generally speaking undefined.
    3. As an additional note, you have not printed the address of a, which is what I assume you meant by pointer. You have instead printed the value stored there.