The malloc algorithms are vulnerable to buffer overflow in most conditions, which I don't think I realised here: after the overflow, you need a free or a malloc, which will try to optimise the heap, and will overwrite some location of the memory.

Your static char [] is located in the bss; this means it's in the heap, but before the malloc information; if you don't have any malloc() before and any free() or malloc behind, the things you overwrite will never cause a crash, unless you go through the brk() zone.

There are a lot of articles on the net explaining buffer overflow in the heap, and two really good ones are in phrack the-one-before-last, you can find it at www.phrack.com

please correct me if I'm wrong

SpaceWalker

On Wed, 01 May 2002 22:14:10 +0200 melsa <3melsa3at_private> wrote:
>
> but what about the heap ?
>
> ----------------------------------------------------------
> #include <stdio.h>
> #include <string.h>
>
> int main(int argc, char **argv)
> {
>     static char buf[1024];   /* static: lives in .bss, not on the stack */
>     strcpy(buf, argv[1]);    /* unbounded copy: overflows buf if argv[1] is longer than 1023 bytes */
>     printf("%s", buf);
>     return 0;
> }
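As an added example (not code from the original thread or from either poster), here is the quoted program with the unbounded strcpy() replaced by a bounds-checked copy. The point of the thread is that an over-long argv[1] silently overwrites whatever the linker placed after the static 1024-byte buffer in .bss, and nothing crashes until some later code touches the clobbered bytes; rejecting input that does not fit removes that write entirely. The helper name copy_checked and the BUF_SIZE macro are assumptions introduced here.

```c
/* Added example, not from the original mail: a hardened version of the
 * quoted program.  copy_checked() is a hypothetical helper introduced here;
 * it refuses over-long input instead of truncating, so the destination is
 * either fully written or left untouched. */
#define _POSIX_C_SOURCE 200809L   /* for strnlen() under strict -std modes */
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 1024

/* Copy src into dst (capacity dstsz bytes, including the terminator).
 * Returns the number of bytes copied (not counting the NUL), or -1 and
 * leaves dst untouched if src does not fit.  Never writes past dst[dstsz-1]. */
static int copy_checked(char *dst, size_t dstsz, const char *src)
{
    size_t n;

    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;

    /* strnlen stops scanning once it knows src is already too long */
    n = strnlen(src, dstsz);
    if (n >= dstsz)
        return -1;              /* src needs n+1 bytes, only dstsz available */

    memcpy(dst, src, n + 1);    /* n + 1 copies the terminating NUL as well */
    return (int)n;
}

int main(int argc, char **argv)
{
    static char buf[BUF_SIZE];  /* same placement (.bss) as in the quoted code */

    if (argc < 2) {
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 1;
    }
    if (copy_checked(buf, sizeof buf, argv[1]) < 0) {
        fprintf(stderr, "input longer than %d bytes, refusing to copy\n",
                BUF_SIZE - 1);
        return 1;
    }
    printf("%s\n", buf);
    return 0;
}
```

Rejecting rather than truncating is a deliberate choice: silent truncation can turn one bug into another (a path or command cut mid-way), whereas a refused copy leaves the static buffer and everything after it in .bss exactly as it was.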
This archive was generated by hypermail 2b30 : Thu May 02 2002 - 10:31:18 PDT