Hi,

Why I don't receive a segmentation fault in the following sample.

int main(void)
{
char buff[10];
sprintf(buff,"Hello world");
printf("%s\n",buff);
}

If I define a buffer of 10 elements and I'm trying to put inside it twelve elements, Should I receive a sigsev signal???

Thanks in advance!

Actually, not quite.
SegFault (in this case) goes when the EIP register point's to a invalid memory address to execute, and just 2 bytes aren't enough to reach the EIP, however try with 500 chars , you should get your SegFault.

Hi Zarnick,

So, you mean that when I overwrite the return instruction pointer on the procedure stack I should receive a SegFault, but if I don't reach it I don't? and why not 2 bytes aren't enough??

Sorry, I don't want to be annoying!

Thanks!!

Another reason to use snprintf() instead of sprintf() because sprintf() does not check for bounds.

I wouldn't know for sure why 2 bytes are just not enough, I think it's something to do with the pointers used to allocate the enough memory for your char[10] string. But I can be wrong on this one.

And at least from what I can remember, I never saw a segfault that wasn't about the EIP register being overruned, as always, I can be wrong.