Parra
that it's commonly used in linux kernel
Liam
it wont work in other compilers unless they support the same extension
It's not an extension... It dependes on how compiler allocate variables on stack memory. It's just undefined behavior.
Parra
i think it wont compile
Parra
unless you enable the extension
Liam
that it's commonly used in linux kernel
If this is true, please consider to open an issue for the kernel. It's a bug, not feature.
Parra
😂
Parra
no mate, they use it
Parra
it's a gcc extension
Parra
https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
Parra
that gcc extension
Parra
it's a common pattern in c
Parra
for doing variable size structs with a common header
S.
Oh it's that old school thing (
Liam
I'll update it.
Parra
the normal way of doing it is with size 1
Parra
but with the gcc extension you can do with size 0
Parra
so you can have a one byte less
Parra
and maybe improve padding
Liam
#include <stdio.h>
int main() {
int before1 = 0;
int before2 = 0;
int a[2];
int after1 = 0;
int after2 = 0;
printf("before: %d %d, after: %d %d.\n", before1, before2, after1, after2);
a[0] = 42;
a[1] = 43;
a[2] = 44;
a[3] = 45;
printf("before: %d %d, after: %d %d.\n", before1, before2, after1, after2);
return 0;
}
gives:
$ ./a.out
before: 0 0, after: 0 0.
before: 0 0, after: 45 44.
Liam
This is not an extension any longer, right?
Parra
it isn't
Parra
I don't have idea about your example, i only wanted to clarify [0] thing
Liam
and binary compiled by clang gives:
$ ./a.out
before: 0 0, after: 0 0.
before: 45 44, after: 0 0.
Liam
But for this discussion, I just wanna show memory violation is undefined behavior, though the code sometimes work without RE.
Bruce
Guys got it ,the error,u r right, it is fault in array size declaration,I put the size a[1000] then I got it
Parra
XD
S.
#include<stdio.h>
int main()
{int T,A,B,i,a[T];
For his code, why did you assume T got the value of 0?
Parra
it won't, that value will be garbage at that point
Parra
also, compiler will complain
Parra
at least a warn
S.
yea
S.
the compiler should complain
Parra
you are overwriting the return address
Parra
well, not sure
Parra
but you are overwriting something
Parra
😂
Liam
Exactly.
Liam
Hmmmm, interesting!
The return address is higher than any stack vars in the function. And for an array, out-of-boundary store may ruin the return address.
If I store a function pointer into that snippet of memory by mem-violation... I get a hack attack for the program?
Liam
←_←
Liam
I'll check this later.
S.
For old versions it's OK
S.
but current compilers should by default generate some mechanism to check it
Liam
but current compilers should by default generate some mechanism to check it
It's easy to break the dignose of compiler. This would not become an issue.
S.
I meant the runtime check
Liam
Compilers are not able to do runtime check...
Liam
They just do statically analysing on compilling time.
S.
I know ... I meant the compiler could insert some protector code into your code
Parra
that's how it works
Parra
you can insert opcodes there
Parra
and do ROP for example
Parra
return oriented programming
Parra
hahaha
Parra
I know ... I meant the compiler could insert some protector code into your code
stack smash protector
Parra
gcc has things like that
Parra
Thanks!
You opened the door of hacker for me!
rop is very old and common used to do launchers for more advanced payloads
Parra
return oriented programming is a way to find opcodes in your program before all returns
Parra
so that you can compose that instructions to create an effective code
Parra
of course the stack gets fucked but you use that as a coding tool
S.
Thanks!
You opened the door of hacker for me!
https://stackoverflow.com/q/2340259/824501
This post may help
Parra
then you can use this to implement a syscall and do a more sophisticated payload loading
Parra
for example, doing an exec
Parra
so you can recover from that stack fucked program and run your payload
Parra
:F
Pete
Can a C++ file use a C file?
Pete
I have a main program in c++ but I want to interact with a physical motor, which is with c
Parra
yes