What is between local buffer and return address on stack?


I have one local char buffer of size 4 that I fill with strcpy from main's argv[1], which contains 4 'A' characters. Using gdb I print out my variable and the stack information, then examine the memory contents.

(gdb) info frame
Stack level 0, frame at 0xbffff0e0:
eip = 0x804848e in main (sbov.c:12); saved eip = 0xb7e2fa83
source language c.
Arglist at 0xbffff0d8, args: argc=2, argv=0xbffff174
Locals at 0xbffff0d8, Previous frame's sp is 0xbffff0e0
Saved registers:
ebp at 0xbffff0d8, eip at 0xbffff0dc
(gdb) print &buffer
$8 = (char (*)[1]) 0xbffff0cf
(gdb) x/5xw 0xbffff0cf
0xbffff0cf: 0x41414141  0x00000000  0x00000000  0xe2fa8300
0xbffff0df: 0x000002b7
(gdb) x/32xb 0xbffff0cf
0xbffff0cf: 0x41    0x41    0x41    0x41    0x00    0x00    0x00    0x00
0xbffff0d7: 0x00    0x00    0x00    0x00    0x00    0x83    0xfa    0xe2
0xbffff0df: 0xb7    0x02    0x00    0x00    0x00    0x74    0xf1    0xff
0xbffff0e7: 0xbf    0x80    0xf1    0xff    0xbf    0xea    0xcc    0xfe

After the last 0x41 and before 0x83, what are the 0x00's? Is this just extra space?

Source Code

/* sbov.c */

#include <stdlib.h>
#include <stdio.h>
#include <string.h>

int
main(int argc, char **argv)
{
    if (argc > 1) {
        char buffer[4];
        /* Deliberately unbounded copy: argv[1] plus its terminating NUL is
           written into a 4-byte local, so anything longer than 3 characters
           spills into whatever the compiler placed above the buffer. */
        strcpy(buffer, argv[1]);
        fprintf(stdout, "echo: %s\n", buffer);
    }
    return 0;
}

Compiler Options

gcc -ggdb -fno-stack-protector

Yes, this is for a security class; it is vulnerable to a stack overflow on purpose.

c
stack
gdb
asked on Stack Overflow Jun 3, 2016 by CompSci-PVT • edited Jun 4, 2016 by CompSci-PVT
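Reading the gdb output literally: `buffer` occupies 0xbffff0cf..0xbffff0d2, the saved ebp slot is 0xbffff0d8..0xbffff0db (it holds 0x00000000 here) and the saved eip slot is 0xbffff0dc..0xbffff0df (0xb7e2fa83, stored little-endian, hence the 0x83 byte first). So the run of 0x00 bytes is five bytes of alignment padding gcc left between the local and the frame record, followed by the four zero bytes of the saved ebp itself. The program below is an added example, not code from the question or its author: it maps the same region at run time the way the `x/32xb` dump does by hand, labelling each byte as buffer, gap, saved frame pointer or return address. It assumes an x86 or x86-64 build with GCC or Clang (both keep a frame pointer in any function that calls `__builtin_frame_address`); on other ABIs it only reports addresses. It also generalises the question's `-fno-stack-protector` case: with the protector enabled, the gap it reports is where the canary lives. The `"AAA"` default argument is a constructed input.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* On x86 the frame pointer points at the saved ebp/rbp and the return
 * address sits one slot above it; other ABIs put the frame record elsewhere. */
#if defined(__i386__) || defined(__x86_64__)
#define FRAME_LAYOUT_KNOWN 1
#else
#define FRAME_LAYOUT_KNOWN 0
#endif

#define RAW_MAX 64

struct frame_map {
    uintptr_t buf_start;         /* &buffer[0] */
    uintptr_t buf_end;           /* one past the last byte of buffer */
    uintptr_t saved_fp;          /* address of the saved ebp/rbp slot */
    uintptr_t ret_slot;          /* address of the saved eip/rip slot */
    void     *ret_value;         /* what that slot holds */
    long      gap;               /* bytes between buffer end and saved fp slot */
    int       layout_known;      /* FRAME_LAYOUT_KNOWN */
    int       ret_slot_ok;       /* 1 if *ret_slot == __builtin_return_address(0) */
    unsigned char raw[RAW_MAX];  /* bytes from buffer start through the return slot */
    size_t    raw_len;
};

/* Same shape as main() in sbov.c: a 4-byte local written by a string copy.
 * The copy is bounded here so the example does not overflow itself. */
__attribute__((noinline))
void map_frame(const char *src, struct frame_map *out)
{
    char buffer[4];
    void **fp = __builtin_frame_address(0);  /* also forces a frame pointer here */
    volatile unsigned char *p = (volatile unsigned char *)buffer;
    size_t i = 0;

    strncpy(buffer, src, sizeof buffer - 1);
    buffer[sizeof buffer - 1] = '\0';

    out->buf_start    = (uintptr_t)buffer;
    out->buf_end      = (uintptr_t)buffer + sizeof buffer;
    out->saved_fp     = (uintptr_t)fp;
    out->ret_slot     = (uintptr_t)(fp + 1);
    out->ret_value    = fp[1];
    out->gap          = (long)((intptr_t)out->saved_fp - (intptr_t)out->buf_end);
    out->layout_known = FRAME_LAYOUT_KNOWN;
    out->ret_slot_ok  = (fp[1] == __builtin_return_address(0));

    /* Copy the frame bytes the way "x/32xb &buffer" shows them; the volatile
     * pointer keeps the compiler from reasoning about the out-of-bounds reads. */
    if (out->layout_known && out->gap >= 0) {
        uintptr_t end = out->ret_slot + sizeof(void *);
        for (i = 0; i < RAW_MAX && out->buf_start + i < end; i++)
            out->raw[i] = p[i];
    }
    out->raw_len = i;
}

/* Name the region that byte offset `off` from the buffer start falls in. */
const char *region_name(const struct frame_map *m, size_t off)
{
    uintptr_t a = m->buf_start + off;
    if (a < m->buf_end)  return "buffer";
    if (a < m->saved_fp) return "gap: padding, canary or other locals";
    if (a < m->ret_slot) return "saved ebp/rbp";
    return "saved eip/rip";
}

int main(int argc, char **argv)
{
    struct frame_map m;
    size_t i;

    map_frame(argc > 1 ? argv[1] : "AAA", &m);   /* "AAA" is a constructed input */
    printf("buffer        %p .. %p\n", (void *)m.buf_start, (void *)m.buf_end);
    printf("saved fp slot %p\n", (void *)m.saved_fp);
    printf("return slot   %p holds %p (%s)\n", (void *)m.ret_slot, m.ret_value,
           m.ret_slot_ok ? "matches __builtin_return_address" : "unverified");
    printf("gap between buffer end and saved fp: %ld bytes\n", m.gap);
    for (i = 0; i < m.raw_len; i++)
        printf("%p: 0x%02x  %s\n", (void *)(m.buf_start + i), m.raw[i],
               region_name(&m, i));
    return 0;
}
```

Build it with the question's flags (`gcc -ggdb -fno-stack-protector -m32`) and the gap comes out as whatever padding that gcc version inserts; build it with the protector on and the gap grows by one pointer-sized canary, which is exactly why `-fno-stack-protector` was needed to make `sbov.c` overwrite the return address with a short input. The labelled dump also shows that the first byte past the buffer is already outside it, so a four-character `argv[1]` plus its NUL is the smallest overflow.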

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0