0

I don't know much about hacking, c, assembly, memory and all that stuff so I coudln't resolve my question by my self.

So, buffer overflow overflows into other address of variables and corrupts them. So I tested and it really does. And I thought that if it can overflow constant variable buffer overflow must be super powered and I tested, but it doesn't overflow const variable.

Why is that?

int a;
char buffer[8];

and

const int a;
char buffer[8];

has address of variable 'buffer' in front of address of variable 'a' by size of the 'buffer'. Is there something special in const variable when allocated to a memory?

my sample code:

#include <stdio.h>
#include <string.h>

int main() {
    char buffer1[8];
    const int a=0;                      //vs int a=0;
    char buffer2[8];

    strcpy(buffer1,"one");
    strcpy(buffer2,"two");

    printf("Buffer 2    [%p]: %s\n",buffer2,buffer2);
    printf("a           [%p]: %d\n",&a,a);
    printf("Buffer 1    [%p]: %s\n",buffer1,buffer1);

    printf("\nCopy Buffer\n\n");
    strcpy(buffer2,"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");

    printf("Buffer 2    [%p]: %s\n",buffer2,buffer2);
    printf("a           [%p]: %d\n",&a,a);
    printf("Buffer 1    [%p]: %s\n",buffer1,buffer1);

    return 0;
}
user3290525
  • 695
  • 3
  • 8
  • 24
  • 1
    Read this: http://stackoverflow.com/questions/14588767/where-in-memory-are-my-variables-stored-in-c – kol Apr 01 '14 at 20:11
  • It is *undefined behaviour*, so it *can* trash `const` variables. – juanchopanza Apr 01 '14 at 20:13
  • @AndrewMedico There is nothing to say the address (or at least, the offset wrt other variables) should change, at least in C++. – juanchopanza Apr 01 '14 at 20:24
  • I don't think you tested what you think you tested. You tested the *output* of a particular program but you intended to test the *action* of a particular undefined behaviour. In the example you give, *those two things can be uncorrelated*. Think about ways that you could *actually* test for what the undefined behaviour really did. – Eric Lippert Apr 01 '14 at 20:38
  • @kol Answer to that question says const variable is saved in code and/or data segment. But when I run my sample code the memory address is like...buffer 2 [001CFA34], a [001CFA44], buffer 1[001CFA50]. If a were to be allocated in code or data, shouldn't it's address be lower than address of buffer 2 and 1 because buffer 2 and 1 are saved on stack? – user3290525 Apr 02 '14 at 07:13

3 Answers3

5

Three things come to mind:

  1. This is undefined behavior, so all bets are off the table.
  2. The compiler doesn't even have to look at what a is. If I were a compiler, I would just look at that code and say "a is always zero, so I'm just going to go ahead and replace a with 0." The thing is, when you say printf("%p %d", &a, a);, the compiler doesn't even have to get the contents of a. It knows it's going to be zero, always and forever.* So it can just change that code to printf("%p %d", &a, 0);.
  3. Even if a were not const, the compiler would be allowed to "cache" the value of a in a register. It only needs to look up the value once, and then it knows that a never changes*, so it can reuse the value it looked up from before.

*Compilers will make a lot of assumptions, like "this code doesn't invoke undefined behavior." If you invoke undefined behavior, the compiler might make some "wrong" assumptions. Which it probably does, in this case.

Cornstalks
  • 37,137
  • 18
  • 79
  • 144
1

Buffer Overflow is UB, so anything can happen.

Also, your compiler could optimize away your const variable, because it has a constant value determined at compile time.

Deduplicator
  • 44,692
  • 7
  • 66
  • 118
1

An implementation is allowed to put a const-qualified object in a different memory segment altogether, so that may be why it isn't affected (emphasis on may; since behavior on buffer overflow is undefined, there could be any number of reasons).

Online C 2011 standard, section 6.7.3, footnote 132:

The implementation may place a const object that is not volatile in a read-only region of storage. Moreover, the implementation need not allocate storage for such an object if its address is never used.

John Bode
  • 119,563
  • 19
  • 122
  • 198