
Consider this intentionally broken program, modified from Zed Shaw's C tutorial, which creates a char array and leaves off the terminating \0:

#include <stdio.h>

int main(int argc, char *argv[])
{
  char name[] = "Zed";            /* 4 bytes: 'Z', 'e', 'd', '\0' */
  char full_name[] = {            /* 11 bytes, deliberately no '\0' */
    'Z', 'e', 'd',
    ' ', 'A', '.', ' ',
    'S', 'h', 'a', 'w'
  };

  /* %s reads until the first '\0'; for full_name that byte lies outside the array */
  printf("name=\"%s\" and full_name=\"%s\"\n", name, full_name);

  return 0;
}

The output is:

name="Zed" and full_name="Zed A. ShawZed"

And Zed's comments suggest this output is expected, i.e., the memory seems to be laid out with full_name first and then name, contiguously. Is this behavior specified in C? Does the compiler always lay out the memory in reverse order? If not, what is the principle he's depending on?

If we switch the order in which we declare the variables:

char full_name[] = {
    'Z', 'e', 'd',
    ' ', 'A', '.', ' ',
    'S', 'h', 'a', 'w'
};
char name[] = "Zed";

Then we get the expected garbage characters at the end of the unterminated char array:

name="Zed" and full_name="Zed A. Shaw4¦h4¦¦+"
Jonah
  • You're in the realms of undefined behavior. Anyway, why are you writing silly code? – Ed Heal Feb 17 '14 at 00:27
  • Part of Zed's approach to teaching is to have you intentionally break code so you can understand the internals better. If you read the link it should make sense. – Jonah Feb 17 '14 at 00:28
  • All you learn is about that particular implementation of the compiler at that optimization level. Do you have an interest in promoting the link? – Ed Heal Feb 17 '14 at 00:33
  • Not at all. I happen to be brushing up my very old C skills through the tutorial because I've heard good things about it. I included the link because I suspected some people like yourself would simply question the question, rather than answering it, unless I had a respected source validating the pedagogical benefits of the question. Insinuating that I am spamming for Zed is pretty ridiculous given my history on this site, which is public and you are free to browse. – Jonah Feb 17 '14 at 00:38
  • You did not copy'n'paste the code accurately. – Ed Heal Feb 17 '14 at 00:42
  • As I state in the OP, I modified it to remove pieces that are not relevant to the question. Scroll down to the section "How To Break It" to see the motivation for this question. – Jonah Feb 17 '14 at 00:44
  • @EdHeal The order of the variables on the stack is important for buffer overflow attacks, as is explained in "Hacking: The Art of Exploitation", 2nd ed., pp. 119 to 133. – AndrewBloom Jun 20 '17 at 15:28
  • (auto) variables are allocated on the stack, hence this answer is related to your question: https://stackoverflow.com/questions/1677415/does-stack-grow-upward-or-downward – AndrewBloom Jun 20 '17 at 16:05

1 Answer


Is this behavior specified in C?

No.

Does the compiler always lay out the memory in reverse order?

No.

If not, what is the principle he's depending on?

He's not relying on a principle; rather, on the behaviour of particular C compilers. Not all of them will produce the same results. It's undefined behaviour, and so anything (or nothing) could be printed.

rici
  • It would be interesting to have some references, or examples where the behaviour is different, because it seems important for buffer overflow attacks (see my comment on the question). – AndrewBloom Jun 20 '17 at 15:30
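An added example (not from the question, the answer, or Zed Shaw's tutorial) showing how to handle the unterminated array from the question in a way that is defined regardless of how the compiler lays out the stack: the check inspects only bytes inside the object, `%.*s` bounds the read to `sizeof full_name`, and the copy helper always writes a terminator. The two arrays are constructed to mirror the question, and the helper names are my own.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample arrays mirroring the question: `name` carries a
   terminating NUL, `full_name` deliberately does not. */
static const char name[] = "Zed";                  /* 4 bytes, last is '\0' */
static const char full_name[] = {
    'Z', 'e', 'd', ' ', 'A', '.', ' ', 'S', 'h', 'a', 'w'
};                                                 /* 11 bytes, no '\0' */

/* Returns 1 if a NUL byte occurs within the first `len` bytes of `buf`,
   0 otherwise. Only bytes inside the object are inspected, so the check
   itself is well defined even when the array is unterminated. */
int is_nul_terminated(const char *buf, size_t len)
{
    return memchr(buf, '\0', len) != NULL;
}

/* Copies at most `cap - 1` bytes of `src` (bounded by `src_len`, not by a
   terminator that may not exist) into `dst` and always NUL-terminates it.
   Returns the number of bytes copied, excluding the terminator. */
size_t bounded_copy(char *dst, size_t cap, const char *src, size_t src_len)
{
    if (cap == 0)
        return 0;
    size_t n = src_len < cap - 1 ? src_len : cap - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

int main(void)
{
    char buf[32];

    /* Diagnostic that passes the object's size instead of trusting %s to stop. */
    printf("name terminated=%d full_name terminated=%d\n",
           is_nul_terminated(name, sizeof name),
           is_nul_terminated(full_name, sizeof full_name));

    /* %.*s limits the read to sizeof full_name bytes, so nothing outside the
       array is touched whatever the neighbouring stack contents are. */
    printf("full_name=\"%.*s\"\n", (int)sizeof full_name, full_name);

    bounded_copy(buf, sizeof buf, full_name, sizeof full_name);
    printf("copied=\"%s\"\n", buf);
    return 0;
}
```

Compiling the original program with `-fsanitize=address` reports the over-read at the `printf` as a stack-buffer-overflow, which is the practical way to catch this class of bug rather than reasoning about variable order.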