
Why can't I disable stack protection?


The OS I am currently using is 64-bit Ubuntu 14.04 with its gcc version being 4.8.4.

I wrote a simple program, shown below, to do some tests related to buffer overflows, and somehow I found that I could not overflow a local character string properly.

/* test.c */
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

/* Copies str into a 4-byte local buffer with no bounds check. */
int bof(char *str)
{
    char buffer[4];
    strcpy(buffer, str);
    return 1;
}

int main(void)
{
    char str[] = "123456789012345";

    /* This is the maximum length the string
       can be, which is 16 bytes including the null character at the end, and
       any strings that are longer than this would result in a segmentation fault */

    bof(str);
    return 0;
}

This program was compiled with command

gcc -o test -fno-stack-protector test.c

so that supposedly stack protection should have been disabled.

Based on my observation, any strings that were less than or equal to 16 characters in length (including the null character) would be okay; otherwise, it would cause a segmentation fault.

Any thoughts why and how could I make it work? Thanks in advance!


Solution

  • You can use the GNU Debugger (gdb) to find the distance; here is a tutorial: http://www.cs.umd.edu/~srhuang/teaching/cmsc212/gdb-tutorial-handout.pdf
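As an added example that is not part of the question or the answer, here is the hardened counterpart of the 4-byte `bof()` from test.c: a bounded copy that always NUL-terminates and reports when the input did not fit, so the caller can reject it instead of writing past `buffer[]`. The names `bounded_copy` and `bof_checked` are mine.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 4   /* same buffer size as bof() in test.c */

/* Bounded copy: writes at most dstsize-1 bytes plus a terminating NUL and
 * returns the length the source needed, in the style of snprintf().
 * A return value >= dstsize means the source was truncated. */
size_t bounded_copy(char *dst, size_t dstsize, const char *src)
{
    size_t need = strlen(src);
    if (dstsize == 0)
        return need;
    size_t n = need < dstsize - 1 ? need : dstsize - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return need;
}

/* Hardened bof(): returns 1 if str fit in the buffer and 0 if it was
 * rejected. Nothing beyond buffer[] is ever written, so the saved frame
 * pointer and return address stay intact regardless of str's length. */
int bof_checked(const char *str)
{
    char buffer[BUF_SIZE];
    if (bounded_copy(buffer, sizeof buffer, str) >= sizeof buffer) {
        fprintf(stderr, "rejected: %zu-byte input exceeds %zu-byte buffer\n",
                strlen(str), sizeof buffer);
        return 0;
    }
    printf("accepted: \"%s\"\n", buffer);
    return 1;
}

int main(void)
{
    /* The 15-character string from the question (16 bytes with the NUL). */
    char str[] = "123456789012345";
    bof_checked("abc");   /* fits: 3 characters + NUL = 4 bytes */
    bof_checked(str);     /* rejected instead of overflowing */
    return 0;
}
```

Compiling test.c with `-fsanitize=address` (GCC 4.8 and later) reports the original `strcpy()` overrun at the moment it happens rather than as a segfault at return.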