Hi,

Why I don't receive a segmentation fault in the following sample.

int main(void)
{
char buff[10];
sprintf(buff,"Hello world");
printf("%s\n",buff);
}

If I define a buffer of 10 elements and I'm trying to put inside it twelve elements, Should I receive a sigsev signal???

Thanks in advance!

Actually, not quite.
SegFault (in this case) goes when the EIP register point's to a invalid memory address to execute, and just 2 bytes aren't enough to reach the EIP, however try with 500 chars , you should get your SegFault.

Hi Zarnick,

So, you mean that when I overwrite the return instruction pointer on the procedure stack I should receive a SegFault, but if I don't reach it I don't? and why not 2 bytes aren't enough??

Sorry, I don't want to be annoying!

Thanks!!

Another reason to use snprintf() instead of sprintf() because sprintf() does not check for bounds.

I wouldn't know for sure why 2 bytes are just not enough, I think it's something to do with the pointers used to allocate the enough memory for your char[10] string. But I can be wrong on this one.

And at least from what I can remember, I never saw a segfault that wasn't about the EIP register being overruned, as always, I can be wrong.

Shamrock -
He is trying to create a SIGSEGV. To test some other code. This corrupts the stack on HPUX PA_RISC boxes, and then dumps core:

Hi All,

Certainly I'm fixing an application with this type of code and I've replaced the sprintf by snprintf function, but I have to explain to my boss why I'm doing it and I need to show him the application crashing.

The original message in the printf function overcomes the boundaries only for 2 bytes and it doesn't crash, I don't know how to do it and I don't know if its behavior is deterministic or not.

Thanks to all of you for your support!!!!!