PC register changes supplied value


I'm new to buffer overflows and although I believe I get the process, I feel that something is wrong here. I am studying from a book about exploitation and in the example, there is a simple buffer overflow on a 16 bytes string. This is the code of the binary.

#include <stdio.h>
#include <string.h>

void vuln(){
    char buff[16];
    printf("You entered: %s",buff);

void secret(){
    printf("My secret is 131313");

int main() {
    return 0;

As you can guess, the goal is to call the secret function. I compile it on my Mac using Clang with the following arguments -arch armv7 -fno-stack-protector -fno-pie, so no protection and ARMv7 architecture. It runs normally on the iPhone and when it asks for user input I enter 32 bytes, in groups of four like this AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHH. When the application crashes I check on iOS logs and I can see that the crashing happens where the Fs start from.

What I expected to see, is that the pc register will have value 0x46464646 for F, but actually it returns 0x46464644.

These are the values of the registers at the time of crash.

Thread 0 Crashed:
0   ???                             0x46464644 0 + 1179010628

Thread 0 crashed with ARM Thread State (32-bit):
    r0: 0x0000002d    r1: 0x00000000      r2: 0x3ba30f80      r3: 0x00000000
    r4: 0x00000000    r5: 0x0000bf71      r6: 0x00000000      r7: 0x45454545
    r8: 0x00201854    r9: 0x00000000     r10: 0x00000000     r11: 0x00000000
    ip: 0x00012068    sp: 0x00201834      lr: 0x0000bf53      pc: 0x46464644
  cpsr: 0x40000010

Also, I tried with just 40 As and it returned 0x41414140. Why it does not return the input entered as expected?

Thank you

asked on Stack Overflow Feb 7, 2019 by marduc812 • edited Jul 30, 2019 by artless noise

1 Answer


In case anyone has the same issue as me, I found out that r15 or pc should always be divided by 4 in ARM. From the official ARM Documentation:

Note that r15 cannot be used with writeback, and that offset must be divisible by 4

answered on Stack Overflow Feb 11, 2019 by marduc812

User contributions licensed under CC BY-SA 3.0