Is it possible to crash this program somehow?

Question

I am currently learning C in one of my courses at the university. Now we have a task to solve and I am not sure how to do it.

The task looks like this: "Is it possible to let this program crash with user inputs? If so, explain this case."

The program we have been given is quite simple and looks like this:

#include <stdio.h>  // Include to use printf, scanf

int main()
{
    // Define buffers to store user name and password
    char username[16];
    char password[16];

    // Read username and password from user input
    printf("Enter your name: ");
    scanf("%s", username);
    printf("Enter your password: ");
    scanf("%s", password);
    printf("[SHOUTING OUT LOUD] Hello, %s!\n", username);

    return 0;
}   

I already found out that you can make the program print out the password if you use a username longer than 15 chars. But this is obviously not a crash. So I haven't found a way to crash the program, but somehow I am pretty sure that there is a way to do this. Does somebody have any idea?

Thanks :)

Recommended answer

Entering a username or password longer than 15 characters can crash the program, it's just not guaranteed to do so.

When you write past the bounds of an array, you invoke undefined behavior. Loosely speaking, that means you can't make any assumptions about what your program will do. It may crash, it may output strange results, or it may appear to work properly.

Just because the program could crash doesn't necessarily mean it will.

That being said, given the way most compilers you're likely to come across work, you're more likely to get a crash the longer the string you enter.

Local variables are typically allocated on the stack adjacent to each other. For example, suppose username comes immediately before password on the stack. If you enter in a 20 character name for the username, it will write past username into password and username will not contain a null terminating byte. When you then enter a password, it will overwrite any characters of the username after the first 16. Then when you print username, you'll see the first 16 characters of what you entered followed by the password.

Now suppose you enter in 100 characters for the username. This will write past username and past password and will most likely overwrite the return address for main. Then when main attempts to return it reads a bogus address, and attempting to jump to that address is what causes the crash.

But again, this is all very system specific, and can vary based on the type/order you place variables, which functions you call, and what optimization setting you use to compile, among others.
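
For contrast with the unbounded scanf("%s", ...) reads in the question, here is a bounded way to read the two fields. It is an added example, not part of the original question or answer. The names read_field, stream_from and FIELD_* are hypothetical, the sample input is constructed, and the code assumes one field per line (scanf's %s would instead stop at the first whitespace).

```c
#include <stdio.h>
#include <string.h>

enum { FIELD_OK = 0, FIELD_TOO_LONG = 1, FIELD_NONE = -1 };

/* Read one line into buf (capacity size, NUL included); never writes past it.
 * An over-long line is consumed to its end and rejected, so its tail can
 * neither overflow buf nor be mistaken for the next field. */
static int read_field(FILE *in, char *buf, size_t size)
{
    if (size < 2 || fgets(buf, (int)size, in) == NULL)
        return FIELD_NONE;             /* nothing could be read */
    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {            /* the whole line fit */
        buf[len] = '\0';
        return FIELD_OK;
    }
    int c = getc(in);                  /* what follows the stored bytes? */
    if (c == EOF || c == '\n')
        return FIELD_OK;               /* exactly size-1 chars, or input ended */
    while (c != EOF && c != '\n')      /* discard the rest of the long line */
        c = getc(in);
    buf[0] = '\0';
    return FIELD_TOO_LONG;
}

/* Helper for the demo: a stream holding constructed sample input. */
static FILE *stream_from(const char *text)
{
    FILE *f = tmpfile();
    if (f != NULL) { fputs(text, f); rewind(f); }
    return f;
}

int main(void)
{
    char username[16], password[16];
    /* Constructed input: a 20-character name, then a short password. */
    FILE *in = stream_from("AAAAAAAAAAAAAAAAAAAA\nhunter2\n");
    if (in == NULL) return 1;
    if (read_field(in, username, sizeof username) != FIELD_OK)
        puts("name rejected: longer than 15 characters");
    if (read_field(in, password, sizeof password) == FIELD_OK)
        printf("password field read cleanly (%zu chars)\n", strlen(password));
    fclose(in);
    return 0;
}
```

Because the over-long line is drained before the next read, the password field starts on its own line instead of picking up the leftover name characters.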
