Wednesday, 15 February 2012

parameters - Segmentation fault after invoking free() method but only with certain values


I found this little program in C, I am posting its code:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, char *argv[]) {
    char *char_ptr;
    int *int_ptr;
    int mem_size;

    /* Size of the first allocation: argv[1] if given, otherwise 50 */
    if (argc < 2) {
        mem_size = 50;
    } else {
        mem_size = atoi(argv[1]);
    }

    printf("\t[+] allocating %d bytes of memory on the heap for char_ptr\n", mem_size);
    char_ptr = (char *) malloc(mem_size);
    if (char_ptr == NULL) {
        fprintf(stderr, "Error: Could not allocate heap memory.\n");
        exit(-1);
    }
    strcpy(char_ptr, "This memory is in the heap segment");
    printf("char_ptr (%p) -> '%s'\n", (void *) char_ptr, char_ptr);

    printf("\t[+] allocated 12 bytes of memory on the heap for int_ptr\n");
    int_ptr = (int *) malloc(12);
    if (int_ptr == NULL) {
        fprintf(stderr, "Error: Could not allocate heap memory.\n");
        exit(-1);
    }
    *int_ptr = 31337;
    printf("int_ptr (%p) -> %d\n", (void *) int_ptr, *int_ptr);

    printf("\t[-] freeing char_ptr's heap memory...\n");
    free(char_ptr);

    printf("\t[+] allocating another 17 bytes for char_ptr\n");
    char_ptr = (char *) malloc(17);
    if (char_ptr == NULL) {
        fprintf(stderr, "Error: Could not allocate heap memory.\n");
        exit(-1);
    }
    strcpy(char_ptr, "new memory");
    printf("char_ptr (%p) -> '%s'\n", (void *) char_ptr, char_ptr);

    printf("\t[-] freeing int_ptr's heap memory...\n");
    free(int_ptr);

    printf("\t[-] freeing char_ptr's heap memory...\n");
    free(char_ptr);

    printf("Program is going\n");
    return 0;
}
```

When I run it with a value greater than or equal to 29, it's all right. But if I pass 28 or less, it ends in a segmentation fault. I was thinking about a problem of addresses between the heap and the stack; the problem is at the free() call on int_ptr. Can someone help me?

Thank you very much, everyone, and have a good day.

The first string that you copy into the char_ptr memory ("This memory is in the heap segment") is 35 bytes long, including the terminating NUL byte, so it will corrupt the heap for all of your parameters less than 35.

It is just by chance that it works for you down to 29; probably nothing relies on the data that gets overwritten.
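A hardened form of the first allocation, as an added example that is not part of the original question or answer: the copy is refused unless the 35-byte message fits the requested size, and the size argument is parsed strictly instead of with atoi(). The helper names `copy_checked`, `parse_size` and `store_message`, and the 1 MiB upper bound, are assumptions made for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The message the answer measures: 34 characters + NUL = 35 bytes. */
static const char MSG[] = "This memory is in the heap segment";

/* Copy src into dst only if it fits, NUL included. 0 = copied, -1 = too small. */
int copy_checked(char *dst, size_t dst_size, const char *src) {
    size_t need = strlen(src) + 1;
    if (dst == NULL || need > dst_size)
        return -1;
    memcpy(dst, src, need);
    return 0;
}

/* Strict atoi() replacement: digits only, 1..1 MiB (cap is an assumption). 0 = ok. */
int parse_size(const char *arg, size_t *out) {
    char *end;
    errno = 0;
    long v = strtol(arg, &end, 10);
    if (errno != 0 || end == arg || *end != '\0' || v <= 0 || v > (1L << 20))
        return -1;
    *out = (size_t)v;
    return 0;
}

/* Allocate mem_size bytes and store MSG. 0 = stored, 1 = refused, -1 = no memory. */
int store_message(size_t mem_size) {
    char *char_ptr = malloc(mem_size);
    if (char_ptr == NULL) return -1;
    int rc = copy_checked(char_ptr, mem_size, MSG);
    if (rc == 0)
        printf("char_ptr (%p) -> '%s'\n", (void *)char_ptr, char_ptr);
    else
        fprintf(stderr, "refused: need %zu bytes, have %zu\n", sizeof MSG, mem_size);
    free(char_ptr);  /* nothing was written past the buffer, so free() is safe */
    return rc == 0 ? 0 : 1;
}

int main(int argc, char *argv[]) {
    size_t mem_size = 50;  /* same default as the original program */
    if (argc >= 2 && parse_size(argv[1], &mem_size) != 0) {
        fprintf(stderr, "Error: invalid size argument.\n");
        return 2;
    }
    return store_message(mem_size);
}
```

With this check, sizes 29 through 34 are rejected as well, instead of appearing to work by chance.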
