Issues with printf parameters

According to one of the previous articles, it is clear that for each function, the [ebp+x] of the function can directly access the value of the parameter passed in when it is called, and the local variable can be accessed directly by [Ebp-x].

So printf this function of the indefinite parameter implementation is implemented through the stack mechanism, when the actual parameter is passed, from the right to the left, the parameters are pressed into the stack, but the data of these presses into the stack is no type distinction, is to put the corresponding data into the stack in sequence. The last parameter, "%d%d%d", which is pressed into the stack, is what determines the type of printf parameter. When the execution control of the program arrives in printf, printf controls the type sequentially from the beginning of the passed-in argument, in the form of a string similar to "%d%d%d". This string controls the number and type of outputs. At the same time, this string does not cross detect.

int a = 10;printf ("%d%d%d\n", a);

This print out of bounds is not detected, the function calls the former argument stack a, and then presses the stack "%d%d%d\n" type control string. At the end of the function call in printf, three int is printed sequentially from the previously pressed argument, although the argument to the stack has only one int, but there is no out-of-bounds detection, so three int will be printed.

Issues with printf parameters