Qn on buffer overflow


#include <string.h>
#include <stdio.h>
 
void foo (char *bar)
{
   float My_Float = 10.5; // Addr = 0x0023FF4C
   char  c[12];           // Addr = 0x0023FF30
 
 
   // Will print 10.500000
   printf("My Float value = %f\n", My_Float);
 
    /* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       Memory map:
       @ : c allocated memory
       # : My_Float allocated memory
       - : other memory
 
 
           *c                      *My_Float
       0x0023FF30                  0x0023FF4C
           |                           |
           @@@@@@@@@@@@----------------#####
      foo("my string is too long !!!!! XXXXX");
 
   memcpy will put 0x1010C042 in My_Float value.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
 
   memcpy(c, bar, strlen(bar));  // no bounds checking...
 
 
   // Will print 96.031372
   printf("My Float value = %f\n", My_Float);
}
 
int main (int argc, char **argv)
{
   foo("my string is too long !!!!! \x10\x10\xC0\x42");
   return 0;
}


I took this from Wikipedia; it says that "other memory" is stored between the char array c and the My_Float variable. What is this other memory, and where did it come from?
They just made up an example to show their point.

where did it come from?

Taiwan? ;)
huh?
Assuming that it's a 32-bit computer, then shouldn't the float occupy 4 bytes after the old value of ebp, and then the 12 bytes following the float, with no space in between?
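As an added illustration (not code from the thread or from Wikipedia), this program shows that the gap between c and My_Float is simply whatever the compiler laid out, and what the same copy looks like with a bounds check; bounded_copy, foo_safe and layout_distance are hypothetical helper names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Copy at most dstsize-1 bytes of src into dst and always NUL-terminate.
   Returns the number of bytes copied (excluding the terminator).
   Hypothetical helper, not part of the original example. */
size_t bounded_copy(char *dst, size_t dstsize, const char *src)
{
    size_t n = strlen(src);
    if (dstsize == 0) return 0;
    if (n > dstsize - 1) n = dstsize - 1;   /* truncate instead of overflowing */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* Same locals as the Wikipedia foo(), but copied with bounds checking.
   Returns My_Float after the copy so the caller can verify it is untouched. */
float foo_safe(const char *bar)
{
    float My_Float = 10.5f;
    char  c[12];
    bounded_copy(c, sizeof c, bar);
    return My_Float;
}

/* Report how the compiler actually placed the two locals: the signed byte
   distance from the start of c to the start of My_Float. The "other memory"
   in the Wikipedia diagram is whatever fills this gap (padding, alignment
   slack, other locals); the compiler and optimisation level decide it, not
   the C language, so the value differs between builds. */
long layout_distance(void)
{
    volatile float My_Float = 10.5f;   /* volatile: keep both objects in memory */
    volatile char  c[12];
    c[0] = '\0';
    return (long)((uintptr_t)&My_Float - (uintptr_t)&c[0]);
}

int main(void)
{
    printf("My_Float starts %ld bytes from c (compiler-dependent)\n",
           layout_distance());
    printf("Bounded copy leaves My_Float = %f\n",
           foo_safe("my string is too long !!!!! \x10\x10\xC0\x42"));
    return 0;
}
```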