1

I have a code for which the char array size is 8. If the gcc to compile the code with -fno-stack-protector, the stack smashing detected will only be detected after the string size is 12, such as 12345678901234567890. If I use -fstack-protector, size 9 input will cause segmentation fault as shown below. May I know why the error only be detected at size 12 String input, not other numbers?

I did try different inputs with different char array sizes, the error will be detected when the overflow size is 11 to 13 (input size - char array size).

Code:

#include <stdio.h>

int i;

void readinput()
{
    char c, buf[8]; 
    int i;

    printf("Enter a string: ");
    for (i = 0; (c = getchar()) != '\n'; i++) buf[i] = c;
    buf[i] = '\0';
    printf("string = [%s]\n", buf);
}


int main(int argc, char *argv[])
{
    readinput();
    return 0;
}

enter image description here

Improve this question
4
  • 6
    Undefined behaviour can do whatever it likes. There is no rhyme or reason to what will happen. Commented Mar 25, 2022 at 10:03
  • 2
    A wire is rated with 100 kg strength. Why doesn't it snap at 101 kg tension? Commented Mar 25, 2022 at 10:11
  • 1
    Leak detection tools will only trigger on stack based variables when you get past the stack frame. If you don't exceed the stack frame, and corrupt neighbouring variables, nothing will be reported. Commented Mar 25, 2022 at 10:35
  • 1
    You are allowed to write to c and i. Commented Mar 25, 2022 at 10:47

1 Answer 1

Reset to default
1

The code does not check that i is less than the length of the array, so it has undefined behavior if user input exceeds 7 characters. Enabling compiler options for buffer overflow checking is not foolproof, not every offending access is tested. The C programmer is in charge, good practices are needed to try and avoid such problems.

Here is a modified version:

#include <stdio.h>

void readinput(void) {
    char buf[8]; 
    size_t i;
    int c;

    printf("Enter a string: ");
    for (i = 0; (c = getchar()) != EOF && c != '\n';) {
        if (i + 1 < sizeof(buf))
            buf[i++] = c;
    }
    buf[i] = '\0';
    printf("string = [%s]\n", buf);
}

int main(int argc, char *argv[]) {
    readinput();
    return 0;
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Nice improvements with size_t i, int c, != EOF, i + 1 < sizeof(buf).

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.