0

I have some doubts regarding character array in C, I have a character array of size 1, logic says that when I input more than 2 characters, I should be getting a segmentation fault, However puts prints out the array properly whereas printf prints some parts of the array along with garbage value, Why is this happening

#include<stdio.h>
int main()
{
int i;
char A[1];
printf("%d\n",(int)sizeof(A));
gets(A);
puts(A);
for(i=0;i<8;i++)
{
printf("%c\n",A[i]);
}
}

O/P:

1
abcdefg
abcdefg
a




f
g

To add to this I have to type in multiple characters of the array size in the program to throw a segmentation fault. Is it because of the SFP in the stack? The size of SFP is 4 bytes Please correct me if I'm wrong

1
abcdefghijklmnop
abcdefghijklmnop
a




f
g
h
Segmentation fault
Improve this question
3
  • 2
    Writing to invalid memory yields undefined behavior.... which means the results are not necessarily intuitive nor consistent. Somethings things appear to work or partially work -- but generally not if you rely on it ;) Commented Oct 20, 2013 at 2:56
  • I do understand that however puts seems to work consistently every time in the above program. Commented Oct 20, 2013 at 2:58
  • There's a huge gap between "seems to work consistently" and "does work consistently". When looking at it only within the scope of your current program, it very well might work consistently forever -- however subtle changes (moving variable definitions, moving code from one routine on the stack to another, changing to a new compiler, compiling with different flags) have the potential to break things. Commented Oct 20, 2013 at 10:29

2 Answers 2

Reset to default
1

OK, others explained it in high-level language and elder's expierence.

I would like to explain your situations in the assembly layer.

You know why your first situation ran without accident?

Because your buffers overflow does NOT destory other processes's memory, So the OS does't signal a Segmentation fault to your process.

And why your stack's length is more than your array's size?

Because of the aligning. Many OS reqiures a stack frame aligning x bytes to implement efficient addressing.

x is machine-dependent.

e.g, If x is 16 bytes.

char s[1] will lead the stack to 16 byte; 
char s[17] will lead the stack to 32byte.
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0
  1. Actually even when you write only one character, it's still buffer overflow, because gets() will write a null character to the array.
  2. Buffer overflow doesn't necessarily mean segmentation fault. You can't rely on undefined behavior in any ways. Possibly it just took the program several times to break the memory that it shouldn't write.

It seems that you have known that gets() is dangerous and should be avoided, I added this just in case.

Improve this answer

2 Comments

I'm trying to implement a stack smashing attack for homework, however the program I wrote for that implements a function call and gets the input in the function, gets wasn't segment faulting until I was typing in about 8 * array size. So as to further understand the problem I wrote the above piece of code
@user2433145 Yeah, the main idea is you can't rely on undefined behavior to work, you can't rely on it to not work either.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.