Understanding the C-language printf() function and its security risks

Source: Internet
Author: User

I. Problem description

II. Further clarification

Look carefully: some strange results appear here.

    #include <stdio.h>

    int main(void)
    {
        int a = 5;
        float x = a;              /* this conversion is fine: %f prints x as 5.000000 */

        printf("%d\n", a);
        printf("%f\n", a);        /* Why is the output 0.000000?                 ----- Question 1 */
        printf("%f\n", x);
        printf("%d\n", x);        /* Why is the output 0?                        ----- Question 2 */
        printf("%f,%f\n", a, x);  /* The output is 0.000000, why?                ----- Question 3 */
        printf("%f,%f\n", x, a);  /* Swap the order of a and x: normal, why?     ----- Question 4 */
        printf("%d,%f\n", a, x);
        getchar();
        return 0;
    }


III. How the printf() function works

To understand these questions you first need to understand how the printf() function works.

printf() maintains a stack of the variables that need to be printed. By default the arguments are pushed onto the stack from right to left, so after pushing, the arguments sit in memory as shown:

When printing, printf pulls data starting from the low address, in the size given by each conversion specifier in the format string, until every argument has been printed.

For example, the %f specifier extracts 8 bytes of data, and when %d is encountered it extracts 4 bytes. At this point you might ask: what if there are not enough bytes left behind it?

Congratulations, you have discovered the security implication of printf(): yes, it will forcibly read data from the adjacent memory and print it as if it were a normal argument, which is likely to produce a heap overflow!

For example, this code:

    char string[] = "Hello world!";
    printf("String:%s, forcibly read again:%#p, read again:%#p\n", string);

The output is as follows:

    String:hello world!  , forcibly read again: 0x001c1073, read again: 0x001c1073


IV. Explanation of the problems

(1) Question 1: printf("%f\n", a): why is the output 0.000000?

A: %f extracts 8 bytes, but a is only 4 bytes; the extracted bits end up in the exponent part of the floating-point representation, and the mantissa part is filled with zeros, so the result is 0.

(2) Question 2: why does printf("%d\n", x) output 0?

A: %d fetches 4 bytes, but x has 8 bytes; the 4 bytes extracted are actually the exponent part of the floating-point representation (which happens to be 0), so the result is 0.

(3) Question 3: printf("%f,%f\n", a, x): why is the output all 0.000000?

A: See the explanation of question 1: once 8 bytes have been extracted for the first %f, everything after it is already misaligned.

(4) Question 4: printf("%f,%f\n", x, a): swapping the order of a and x gives normal output, why?

A: This is the normal situation.
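As an added example (not code from the original post), the following checker counts how many arguments a format string will consume, so a mismatch of the kind behind Questions 1 to 4 and the "forcibly read again" demo can be caught before the call is made; it is followed by the post's prints rewritten so each conversion matches its argument. printf_arg_count and format_safely are hypothetical names chosen for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (added example, not from the post): count how many
   arguments a printf-style format string will consume. Handles "%%",
   flags, '*' width/precision (each eats an int argument), length
   modifiers and the conversion character. Returns -1 if a specifier is
   malformed, e.g. the string ends in the middle of one. */
int printf_arg_count(const char *fmt)
{
    int count = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')                           /* literal "%%" */
            continue;
        while (*p && strchr("-+ #0", *p)) p++;   /* flags */
        if (*p == '*') { count++; p++; }         /* width taken from an argument */
        else while (*p >= '0' && *p <= '9') p++;
        if (*p == '.') {                         /* precision */
            p++;
            if (*p == '*') { count++; p++; }
            else while (*p >= '0' && *p <= '9') p++;
        }
        while (*p && strchr("hlLqjzt", *p)) p++; /* length modifiers */
        if (!*p || !strchr("diouxXeEfFgGaAcspn", *p))
            return -1;                           /* no valid conversion */
        count++;
    }
    return count;
}

/* Hypothetical helper: the post's mismatched calls rewritten so that each
   conversion matches its argument. A float is promoted to double when it
   is passed to a variadic function, so %f is right for x; a is an int and
   needs %d (or an explicit cast to double before %f). Formats into a
   buffer instead of stdout so the result can be inspected. */
int format_safely(char *out, size_t outsz)
{
    int a = 5;
    float x = (float)a;
    return snprintf(out, outsz, "%d %f %f %d", a, x, (double)a, (int)x);
}
```

GCC and Clang perform the same format/argument check at compile time with -Wformat (enabled by -Wall) whenever the format string is a literal.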

Copyright notice: this article is the blogger's original work; do not reproduce it without the blogger's permission.
