A dead machine with a printf function

Source: Internet
Author: User

Today, my colleagues have solved a problem. I have made some suggestions and I have come up with them.

We are familiar with printf function numbers, including % s, % d, % P, % u, and so on. You can also directly printf ("XX string"), or:

Char STR [] = "xxxxxx"; printf (STR );

If this happens, it will fail:

Printf ("str = % s \ n ");

This is because the data volume is not enough.

But have you been involved in the following cases?

Char STR [] = "im a good man % s \ n"; printf (STR );

This generation can pass and run,... It seems a bit problematic.

It is easy to see that printf will find a % s when parsing the string, so it will probably replace % s with a later digit, but which of the following vertex numbers?

Printf functions, but I don't know them. It assumes that they exist, so we act as "Examples". on x86, it will find them in the heap memory, in this case, we only counted one data entry in STR, and the CPU looked up. It thought that the data below STR was the data entry, therefore, we can use it without any hesitation... However, it may be something else, such as the IP address and EBP in the queue. If the value it obtains is an internal memory that cannot be accessed, the program will be finished. On PPC, the CPU will use the R4 register, and the sentiment is the same. Who knows what the R4 memory is!

 

In this case, no programmers will answer this question. However, if our printf contains changes, we have to take more tests. For example, if we want to extract a string or a piece of ciphertext that uses ciphertext, the content in it may be uncontrollable, there may be things like % s and % d. Limitation or clarification is required.

 

Now I think about why I didn't want to use printf directly when HW data was used.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.