The stack protector works with the strcpy() example, but not with gets()

I am testing the GCC stack protector. When I overflow the buffer with the insecure strcpy() function, the stack protector detects what I am doing and throws the following exception:

*** stack smashing detected ***: ./a.out terminated
Aborted (core dumped)

When I do the same with the unsafe gets() function, I get a segmentation error instead.

segmentation fault: 11

Why is this happening? What is the difference between these two cases? Here is an example of the code I used:

gets() example

#include <stdio.h>
#include <string.h>
#include <math.h>
#include <stdlib.h>
#include <stdbool.h>

void say_hello (void);

int main (){

        printf("Enter your name\n");
        say_hello();
        return 0;
}

void say_hello (void) {

        char name[5];
        gets(name); // this is an unsafe function to use. Results in stack overflow
        printf("Hello %s\n", name);

}

strcpy() example

#include <stdio.h>
#include <string.h>

int main(int argc, char** argv){

        char buffer [5];
        strcpy(buffer,argv[1]);


 return 0;

}
+4
1 answer

strcpy() , , . - , , . - / .

strcpy() strcpy_s(), .

gets() fgets(), :

  • , -
  • ()
  • (, 1 , , 15 ).
  • ,
  • / ... . , , .

. , (, ).

, , - undefined, .

+2
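Bounded versions of the two calls from the question, added here as an example (not code from the question or the answer): `read_line()` stands in for `gets()` using `fgets()`, and `copy_checked()` stands in for `strcpy()`. The function names, the temp-file harness `read_line_from()` and the input strings are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Bounded stand-in for gets(): 0 = line fit, 1 = truncated, -1 = EOF/error. */
int read_line(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';      /* complete line: drop the newline */
        return 0;
    }
    int c, extra = 0;             /* no newline yet: discard the remainder */
    while ((c = fgetc(in)) != EOF && c != '\n')
        extra = 1;
    return extra;
}

/* Bounded stand-in for strcpy(): -1 (dst untouched) if src is NULL or too long. */
int copy_checked(char *dst, size_t size, const char *src)
{
    if (src == NULL || strlen(src) >= size)
        return -1;
    memcpy(dst, src, strlen(src) + 1);
    return 0;
}

/* Constructed harness: feeds `input` to read_line() through a temp file. */
int read_line_from(const char *input, char *buf, size_t size)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return -2;
    fputs(input, f);
    rewind(f);
    int rc = read_line(f, buf, size);
    fclose(f);
    return rc;
}

int main(void)
{
    char name[5] = "", buffer[5] = "";   /* sizes from the question; inputs are constructed */
    int rc = read_line_from("AAAAAAAAAAAAAAAA\n", name, sizeof name);
    printf("read_line: rc=%d name=\"%s\"\n", rc, name);
    rc = copy_checked(buffer, sizeof buffer, "AAAAAAAAAAAAAAAA");
    printf("copy_checked: rc=%d buffer=\"%s\"\n", rc, buffer);
    return 0;
}
```

Discarding the rest of an over-long line keeps the leftover bytes from being picked up by the next read.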
