The C printf() function explained in detail, and its security implications

Source: Internet
Author: User

I. Description of the problem

II. Further clarification

Look carefully: the following program shows some strange behaviour.

    #include <stdio.h>

    int main(void)
    {
        int a = 5;
        float x = a;              /* the conversion here is fine; printing x with %f gives 5.000000 */
        printf("%d\n", a);
        printf("%f\n", a);        /* why is the output 0.000000?         -- Question 1 */
        printf("%f\n", x);
        printf("%d\n", x);        /* why is the output 0?                -- Question 2 */
        printf("%f,%f\n", a, x);  /* the output is all 0.000000, why?    -- Question 3 */
        printf("%f,%f\n", x, a);  /* order of a and x swapped: normal, why? -- Question 4 */
        printf("%d,%f\n", a, x);
        getchar();
        return 0;
    }


III. How the printf() function works

Understanding these issues first requires a clear idea of how the printf() function works.

printf() works from a stack of the values that need to be printed. By default the arguments are pushed onto the stack from right to left, so that once they have been pushed the memory layout is as shown:

When printing, printf() reads data starting from the low address, in the format given by each conversion specifier, until all the parameters have been printed.

For example, when it meets a %f specifier it extracts 8 bytes of data, and when it meets %d it extracts 4 bytes (a float argument is promoted to double when it is passed to printf(), which is why it occupies 8 bytes). printf() does not actually know how many arguments it was given; it simply prints the contents of successive stack addresses, one after another, according to the number of conversion specifiers in the format string.

Because of this, printf() is actually a security risk: it will forcibly read memory and output it as if it were normal data, with no bounds checking, which is very likely to cause a heap overflow!

For example, this code:

    char string[] = "Hello world!";
    /* Each format string below has two conversions, but only one argument is passed. */
    printf("String:%s  , forcibly read again:%#p\n", string);
    printf("String:%s, forcibly read again:%#s\n", string);

The output is as follows:

    String:hello world!  
    String:hello world! , forcibly read again: 閮
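
Because printf() learns how many arguments to fetch, and how large each one is, only from the format string, a call can be checked by deriving the expected arguments from the format and comparing them with what is actually passed; GCC and Clang do this for literal format strings with -Wformat (enabled by -Wall). The following C code is an added example, not part of the original article; the names expected_args and call_is_consistent and the one-letter argument classes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Argument classes a printf format will fetch, in order: 'i' int, 'l' wider
 * integer, 'd' double (%Lf folded in), 's' char *, 'p' pointer, '?' unknown.
 * Stores at most cap-1 classes in out (cap >= 1); returns arguments consumed. */
int expected_args(const char *fmt, char *out, size_t cap)
{
    size_t n = 0, count = 0;
#define PUT(c) do { if (n + 1 < cap) out[n++] = (c); count++; } while (0)
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        if (*++p == '%') continue;                    /* literal "%%" */
        while (*p && strchr("-+ #0", *p)) p++;        /* flags */
        if (*p == '*') { PUT('i'); p++; }             /* width taken from an int */
        else while (*p >= '0' && *p <= '9') p++;
        if (*p == '.') {
            if (*++p == '*') { PUT('i'); p++; }       /* precision from an int */
            else while (*p >= '0' && *p <= '9') p++;
        }
        int wide = 0;                                 /* length modifiers */
        while (*p && strchr("hlLjzt", *p)) { if (*p != 'h') wide = 1; p++; }
        if (!*p) break;                               /* directive cut short */
        if (strchr("diouxXc", *p))       PUT(wide ? 'l' : 'i');
        else if (strchr("fFeEgGaA", *p)) PUT('d');
        else if (*p == 's')              PUT('s');
        else if (*p == 'p' || *p == 'n') PUT('p');
        else                             PUT('?');
    }
#undef PUT
    out[n] = '\0';
    return (int)count;
}

/* 1 if the classes actually passed are exactly what the format fetches. */
int call_is_consistent(const char *fmt, const char *passed)
{
    char want[32];
    int n = expected_args(fmt, want, sizeof want);
    return n == (int)strlen(passed) && strcmp(want, passed) == 0;
}

int main(void)
{
    /* Calls from the page: a is an int ('i'), x is passed as a double ('d'). */
    printf("%d\n", call_is_consistent("%f\n", "i"));
    printf("%d\n", call_is_consistent("%f,%f\n", "id"));
    printf("%d\n", call_is_consistent("String:%s, forcibly read again:%#s\n", "s"));
    return 0;
}
```

Every call checked in main() is reported as inconsistent (0), which is the same condition the compiler warning flags before the program ever runs.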


IV. Explanation of the problem

(1) Question 1: Why does printf("%f\n", a) output 0.000000?

Answer: %f extracts 8 bytes, but a has only 4 bytes. The bytes extracted land in the exponent portion of the floating-point representation, and the mantissa portion is 0, so the final result is 0.

(2) Question 2: Why does printf("%d\n", x) output 0?

Answer: %d extracts 4 bytes, but x has 8 bytes. The value extracted is actually the exponent portion of the floating-point representation (exactly 0), so the final result is 0.

(3) Question 3: Why is the output of printf("%f,%f\n", a, x); all 0.000000?

Answer: See the explanation of question 1. After the first eight bytes have been extracted, everything after them is already out of step.

(4) Question 4: With the order of a and x swapped, printf("%f,%f\n", x, a); prints normally. Why?

Answer: This is the normal situation.
