Difference between source code and process in gdb

Question

I tried to solve Protostar heap2.

#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <stdio.h>

struct auth {
  char name[32];
  int auth;
};

struct auth *auth;
char *service;

int main(int argc, char **argv)
{
  char line[128];

  while(1) {
      printf("[ auth = %p, service = %p ]\n", auth, service);

      if(fgets(line, sizeof(line), stdin) == NULL) break;

      if(strncmp(line, "auth ", 5) == 0) {
          auth = malloc(sizeof(auth));
          memset(auth, 0, sizeof(auth));
          if(strlen(line + 5) < 31) {
              strcpy(auth->name, line + 5);
          }
      }
      if(strncmp(line, "reset", 5) == 0) {
          free(auth);
      }
      if(strncmp(line, "service", 6) == 0) {
          service = strdup(line + 7);
      }
      if(strncmp(line, "login", 5) == 0) {
          if(auth->auth) {
              printf("you have logged in already!\n");
          } else {
              printf("please enter your password\n");
          }
      }
  }
}

source code is like above. in malloc(sizeof(auth)); I thought parameter will be 36 or more. However result was 4.

0x080489a7 <main+115>:  movl   $0x4,(%esp)
---Type <return> to continue, or q <return> to quit---
0x080489ae <main+122>:  call   0x804916a <malloc>

This is assembly in gdb. I can't understand why parameter is 4. Can anyone explain why?

4 is the `sizeof` a pointer in bytes on a 32 bit system. Did you mean `sizeof(*auth)`? — 001, Nov 11 '16 at 11:38
You mean `sizeof(auth)` result is 4. Becuase it's just size of pointerThen how can this program allocate heap for struct auth — Damotorie, Nov 11 '16 at 11:39
Please see [finding length of array inside a function](http://stackoverflow.com/questions/17590226/c-finding-length-of-array-inside-a-function) — Weather Vane, Nov 11 '16 at 11:39
How it even compiles? With the variable name the same as a type name? — Ari0nhh, Nov 11 '16 at 11:41
@Ari0nhh Structure names ("tags") live in their own namespace. It's not a type-name. — Some programmer dude, Nov 11 '16 at 11:41
I thought this program allocate heap memory for auth in `auth = malloc(sizeof(auth));`. If it's wrong then why `strcpy(auth->name, line + 5);` this expression doesn't make error? — Damotorie, Nov 11 '16 at 11:43
Undefined behavior (which is what you have) sometimes might *seem* to work fine. Until it doesn't (and then often in a horrible way). — Some programmer dude, Nov 11 '16 at 11:44
It means that your UB seems to work, until you are showing the work to your client, or examiner. This can happen because you are running it on a different machine. — Weather Vane, Nov 11 '16 at 11:47
Then in this source code, there are no expression to allocate heap for struct auth? — Damotorie, Nov 11 '16 at 11:48
No, you are only allocating space on the heap for a *pointer* to a `struct auth`, not the full structure (which, as has been mentioned, would be `sizeof(*auth)`) — Some programmer dude, Nov 11 '16 at 11:55
After a quick search for ["Protostar heap2"](https://exploit-exercises.com/protostar/heap2/), it looks like the example is supposed to show the bad things that can happen with poorly written memory management. — 001, Nov 11 '16 at 12:02

Difference between source code and process in gdb

0 Answers0