SI202: Week 1



EC312 Homework 5

Name: _Solutions______________

Read: (1) Lecture 5 Notes

(2) Hacking, the Art of Exploitation, pages 43-47

1. Examine the program char_array.c which already exists in the booksrc directory.

(a) How does a program know it has reached the end of a string?

It reaches the null terminator 0x00

(b) How many more characters could legitimately fit into this particular string?

5

2. Given the string declaration below, mark each strcpy() function call as Safe (S) or Unsafe (U).

char President[8];

(a) strcpy( President , "Monroe\n"); S

(b) strcpy( President , "Polk\t"); S

(c) strcpy( President , "Cleveland\n"); U (10 characters + null = 11)

(d) strcpy( President , "Garfield"); U (8 characters + null = 9)

3. Given the following variable declarations:

int foo;

char *bar;

and the following memory layout (all values in hexadecimal):

Address     Data
080483A0    |42 |52 |41 |56 |
080483A4    |4F |21 |00 |00 |
080483A8    |A0 |83 |04 |08 |   bar
080483AC    |05 |DB |66 |A2 |   foo

What is the value of:

(a) &foo 0x080483AC [The address of the variable foo]

(b) foo (in decimal) 2,724,649,733 [The value stored at foo (in little-endian format) is 0xA266DB05, which converts to 2,724,649,733 in decimal (i.e. base-10)]

(c) bar 0x080483A0 [The address stored in the pointer bar, in little-endian format]

(d) &bar 0x080483A8 [The address of the pointer bar]

(e) *bar ‘B’ or ‘Bravo!’ are both acceptable answers. [We are dereferencing the pointer bar, i.e. this is “the value at the address which bar points to”. In gdb, “print *bar” will return ‘B’, while “x/s 0x080483A0” will return ‘Bravo!’, i.e. the string that is stored starting at 0x080483A0 and ending at the null terminator.]

Byte addresses (one block per byte, four bytes per row):

|080483A0 |080483A1 |080483A2 |080483A3 |
|080483A4 |080483A5 |080483A6 |080483A7 |
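
Added example (not part of the original homework solutions): the C program below models the 16 bytes of the problem 3 table as an array and decodes foo and bar by hand in little-endian order, then follows bar to the bytes it points at. The names mem, BASE, read_le32 and deref are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BASE 0x080483A0u  /* address of the first byte in the problem 3 table */

/* The 16 bytes from the problem 3 memory layout, lowest address first. */
static const uint8_t mem[16] = {
    0x42, 0x52, 0x41, 0x56,   /* 080483A0 */
    0x4F, 0x21, 0x00, 0x00,   /* 080483A4 */
    0xA0, 0x83, 0x04, 0x08,   /* 080483A8: bar */
    0x05, 0xDB, 0x66, 0xA2    /* 080483AC: foo */
};

/* Translate a simulated address into a pointer into mem, or NULL if outside. */
const char *deref(uint32_t addr)
{
    if (addr < BASE || addr >= BASE + sizeof mem)
        return NULL;
    return (const char *)&mem[addr - BASE];
}

/* Read a 4-byte little-endian value at a simulated address (0 if out of range). */
uint32_t read_le32(uint32_t addr)
{
    const uint8_t *p = (const uint8_t *)deref(addr);
    if (p == NULL || addr - BASE > sizeof mem - 4)
        return 0;
    /* The byte at the lowest address is the least significant byte. */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

int main(void)
{
    uint32_t addr_bar = BASE + 8, addr_foo = BASE + 12;
    uint32_t foo = read_le32(addr_foo);   /* value stored in foo */
    uint32_t bar = read_le32(addr_bar);   /* address stored in bar */
    const char *s = deref(bar);           /* what bar points at */

    printf("&foo = 0x%08lX\n", (unsigned long)addr_foo);
    printf("foo  = 0x%08lX = %lu\n", (unsigned long)foo, (unsigned long)foo);
    printf("bar  = 0x%08lX\n", (unsigned long)bar);
    printf("&bar = 0x%08lX\n", (unsigned long)addr_bar);
    if (s != NULL)
        printf("*bar = '%c', bytes up to the null terminator: %zu\n", s[0], strlen(s));
    return 0;
}
```
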

4. What is the output of the following program?

#include <stdio.h>

int main( )
{
    int a = 5, b = 10;

    int *ptr = &a; //This declares the pointer ptr and initializes it to point to the address of a.

    b = *ptr; //This takes the value at the address in ptr (i.e. the value of a, which is 5) and assigns it to b.

    printf("%d \t %d \n" , a , b );
}

Printf statement result: 5 5

5. What is the output of the following program?

#include <stdio.h>

int main( )
{
    int a = 5, b = 10;

    int *ptr = &a; //This declares the pointer ptr and initializes it to point to the address of a.

    *ptr = b; //This takes the value of b (i.e. 10) and assigns it to the value at the address in ptr, i.e. a is now assigned to be 10.

    printf("%d \t %d \n" , a , b );
}

Printf statement result: 10 10

6. What is the output of the following program?

#include <stdio.h>

int main( )
{
    int a = 5, b = 10 , c = 15 ;

    int *ptr = &c; //This declares the pointer ptr and initializes it to point to the address of c.

    b = *ptr; //This takes the value at the address in ptr (i.e. the value of c, which is 15) and assigns it to b.

    *ptr = a; //This takes the value of a (i.e. 5) and assigns it to the value at the address in ptr, i.e. c is now assigned to be 5.

    printf("%d \t %d \t %d \n" , a , b , c );
}

Printf statement result: 5 15 5

-----------------------

Note: In problem 3, each block is 1 byte of memory. There are 4 bytes per row. This representation of memory is equivalent to the one used in the lectures and SX up to this point. Pay attention to the row addresses incrementing by 4 instead of 1. Again, this is because each block represents 1 byte. Thus, the addresses for the memory increment as follows: the first row holds the bytes at 080483A0 through 080483A3, and the second row holds the bytes at 080483A4 through 080483A7.
