Is it possible to use an array as the last named argument of a variadic function in a way that leads to a buffer overflow?

I found this paragraph on the manual page for stdarg.h:

Since the address of this parameter is used in the va_start() macro, it should not be declared as a register variable or as a function or array type.

So, a register variable I understand, since a register cannot be addressed by a pointer. A function I understand, since you will get a return value that will use immediate addressing rather than register-indirect addressing.

I am wondering what would happen if you used an array as the parameter. Suppose you are using an array of three ints. Will this cause the first element of the array to be used as the last named parameter, while the next two elements are used as values for the variable arguments? That would be an invalid buffer.

I am also wondering whether this will lead to a security vulnerability: for example, someone could supply the elements of an array and make a function do what it should not do, because it thinks that the additional elements of the array are variable arguments.

Also, what about the printf family of functions? They use character arrays as their last named arguments. How do they not run into problems?

6.7.6.3 C Declarators :

7 " " " " , ( ) , [] . static [] , , .

8 " " " " , 6.3.2.1

, va_start, register. , .

, sizeof() ( ) , . .

#include <stdio.h>

void test(void (*f)(), int a[3]) {
    printf("sizeof(f): %lu\n", sizeof(f));
    printf("sizeof(a): %lu\n", sizeof(a));
    printf(" f: %p\n", f);
    printf("&f: %p\n", &f);
    printf(" a: %p\n", a);
    printf("&a: %p\n", &a);
}

void foo() {}

int main() {
    int ints[3] = { 1, 2, 3 };
    test(foo, ints);
}

, gcc:

address.c: In function ‘test’:
address.c:6:38: warning: ‘sizeof’ on array function parameter ‘a’ will return size of ‘int *’ [-Wsizeof-array-argument]
     printf("sizeof(a): %lu\n", sizeof(a));
                                      ^
address.c:4:28: note: declared here
 void test(void (*f)(), int a[3]) {
                            ^

sizeof() , , , , va_start/va_arg .

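An added example, not part of the original question or answers, tying the gcc warning above back to the printf question: an array-typed parameter is adjusted to a pointer, and a printf-shaped function whose last named parameter is a pointer reads its variable arguments from the call, never from the pointed-to array. The names array_param_is_pointer, sum_described and desc are hypothetical, and the sample values are constructed.

```c
#include <stdarg.h>
#include <stdio.h>

/* `int a[3]` in a parameter list is adjusted to `int *` (C11 6.7.6.3p7),
 * so _Generic selects the pointer branch. This is the same fact the
 * -Wsizeof-array-argument warning reports. */
static int array_param_is_pointer(int a[3])
{
    return _Generic(a, int *: 1, default: 0);
}

/* Shaped like printf: the last named parameter is a pointer into the
 * caller's array. desc[0] says how many variadic ints follow, the way a
 * format string describes printf's arguments. Returns their sum. */
static long sum_described(const int *desc, ...)
{
    va_list ap;
    long total = 0;
    int count = desc[0] > 0 ? desc[0] : 0;  /* ignore negative counts */

    va_start(ap, desc);             /* begins after the pointer itself */
    for (int i = 0; i < count; i++)
        total += va_arg(ap, int);   /* comes from the call, not desc[] */
    va_end(ap);
    return total;
}

int main(void)
{
    int desc[3] = { 2, 999, 999 };  /* constructed sample input */

    printf("array parameter is a pointer: %d\n",
           array_param_is_pointer(desc));
    /* desc[1] and desc[2] are never seen by va_arg. */
    printf("sum of variadic ints: %ld\n", sum_described(desc, 10, 20));
    return 0;
}
```

The array elements stay in the caller's storage; what can go wrong is a count in desc[0] larger than the number of arguments actually passed, because calling va_arg with no next argument is undefined behavior.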

Source: https://habr.com/ru/post/1693542/