缓冲区溢出没有发生 [英] Buffer Overflow not happened
问题描述
我试过这个样品C code:
INT的main()
{
int数组[5];
INT I; 对于(i = 0; I< = 255;我++)
{
数组[我] = 10;
}
}
和使用编译:
的gcc -o -m32的a.out buffer2.c
我的问题是,为什么没有分割的错吗?
我使用Linux的卡利64
VENDOR_ID:GenuineIntel
型号名称:英特尔(R)酷睿(TM)i3的CPU中号350 @ 2.27GHz
架构:x86_64的
的CPU的运算模式(多个):32位,64位
字节顺序:小尾数
我加入这两条线编辑code:
INT的main()
{
INT X = 12; int数组[5];
INT I; 对于(i = 0; I< = 255;我++)
{
数组[我] = 10;
} 的printf(%d个\\ N,X);
}
这就是结果:
10
分段故障
有没有运行时的界限C.检查写入到一个数组的边界之外的元素中的未定义行为。未定义行为意味着什么都可以尽可能的标准是关于发生。所以,虽然分割故障是相当有可能的,这绝不是一种保障。
只是因为没有一个分段错误并不意味着没有一个缓冲区溢出。有酷了。它只是没有造成分段错误这一次。这种类型的错误是严重的,可能会导致一些安全问题。这个故事的寓意是不会导致缓冲区溢出,直到永远。这不是安全的,你不能依靠C到保护你。
I tried this sample c code:
int main()
{
int array[5];
int i;
for (i = 0; i <= 255; i++)
{
array[i] = 10;
}
}
and compile it using:
gcc -m32 -o a.out buffer2.c
my question is why there is not Segmentation fault?
i use kali linux 64
vendor_id : GenuineIntel
model name : Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
I edited code by adding these two lines:
int main()
{
int x = 12;
int array[5];
int i;
for (i = 0; i <= 255; i++)
{
array[i] = 10;
}
printf("%d\n", x);
}
and that is the result:
10
Segmentation fault
There's no runtime bounds checking in C. Writing to elements outside the bounds of an array is undefined behavior. Undefined behavior means that anything can happen as far as the standard is concerned. So, although a segmentation fault is fairly likely, it's by no means guaranteed.
Just because there wasn't a segmentation fault doesn't mean there wasn't a buffer overflow. There definitely was. It just didn't result in a segmentation fault this time. This type of error is serious and can cause a number of security problems. The moral of the story is don't cause a buffer overflow, ever. It's not safe, and you can't rely on C to protect you.
这篇关于缓冲区溢出没有发生的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
