Problem 1.
C compilers do not insert bounds checks on array accesses, so the generated code writes wherever the index (or the copy) points, including past the end of the array. Put another way: neither the compiler nor the running program will stop a user from writing beyond the bounds of an array.
Problem 2.
(a) Text segment
(b) No, the compiler organizes the stack.
(c) The compiler places a function's local variables in declaration order, starting at the bottom of the function's stack frame (just below the saved base pointer) and working toward lower addresses: the first variable encountered in the C program is placed nearest the saved base pointer, the second directly below it, and so on. The Problem 3 table shows this: a, declared first, sits at BFFFF814 directly below EBP-main at BFFFF818, and b sits below it at BFFFF810.
(d) ebp (the base pointer) and esp (the stack pointer).
(e) The return address (the address of the instruction following the call) is pushed onto the stack when fun is called, and when fun finishes the ret instruction pops this saved address back into the eip register.
(f) Yes, source code may contain one or more functions.
(g) The operating system loads the program, and execution of the program's own code begins at the function main.
Problem 3.
(a) a is 0x0000004D (77); b is 0x00000015 (21).
(b) See the table below for the locations of EBP-main and ESP-main.
(c) See the table below for the locations of main variable a, main variable b, function argument x and function argument y.
(d) Return address: 0x0804841e (stored little-endian as 1e 84 04 08).
Saved value of the base pointer: 0xBFFFF818 (stored little-endian as 18 f8 ff bf).
(e) See the table below for the locations of EBP-main-revised and ESP-main-revised.
(f) See the table below for the locations of the saved base pointer and the return address.
(g) See the table below for the locations of EBP-happy_times and ESP-happy_times.
(h) See the table below for the location of alpha_code.
(i) 24 characters.
(j) Yes.
(k) No.
Address          Value         Description
BFFFF7CD         41            ESP-happy_times; alpha_code[0] ('A')
BFFFF7CE         41            alpha_code
BFFFF7CF         41            alpha_code
BFFFF7D0         41            alpha_code
BFFFF7D1         41            alpha_code
BFFFF7D2         41            alpha_code
BFFFF7D3         00 (NULL)     alpha_code; terminator appended after the six 'A's
BFFFF7D4-7FF     (not filled in by the key)
BFFFF800-803     18 f8 ff bf   saved base pointer (0xBFFFF818); the key labels this slot EBP-happy_times and ESP-main-revised
BFFFF804-807     1e 84 04 08   return address (0x0804841e)
BFFFF808-80B     4d 00 00 00   function argument x; ESP-main
BFFFF80C-80F     15 00 00 00   function argument y
BFFFF810-813     15 00 00 00   main variable b
BFFFF814-817     4d 00 00 00   main variable a
BFFFF818         (not filled in by the key)   EBP-main
BFFFF819-81A     (not filled in by the key)

All four-byte values are little-endian: the least significant byte is at the lowest address, which is why 0xBFFFF818 appears as 18 f8 ff bf and 0x0804841e as 1e 84 04 08.
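The table above can be reproduced from the rules the key relies on (arguments pushed right to left, then the return address, then the saved base pointer, then the locals; all values little-endian). The program below is an added example, not part of the answer key: it builds the 78-byte image from BFFFF7CD to BFFFF81A for main's a = 0x4D, b = 0x15 and the call happy_times(a, b), copies a constructed input into alpha_code with no bounds check, and reports what a long input clobbers. The extent of alpha_code (from BFFFF7CD up to the saved base pointer at BFFFF800, 51 bytes) is an assumption read off the table rows, the 0xCC filler marks bytes the key leaves blank, and the names build_frame, peek8, peek32 and chars_before are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Frame addresses from the Problem 3 answer key. */
#define IMG_BASE   0xBFFFF7CDu              /* lowest row: ESP-happy_times, alpha_code[0] */
#define IMG_END    0xBFFFF81Bu              /* one past the highest row, BFFFF81A */
#define IMG_SIZE   (IMG_END - IMG_BASE)     /* 78 bytes */
#define EBP_MAIN   0xBFFFF818u              /* EBP-main */
#define EBP_HAPPY  0xBFFFF800u              /* EBP-happy_times: the saved copy of EBP-main lives here */
#define RET_ADDR   0x0804841Eu              /* instruction after the call in main */
#define UNSPEC     0xCCu                    /* filler for bytes the key leaves blank (example's choice) */

static uint8_t image[IMG_SIZE];

/* Little-endian store: least significant byte at the lowest address,
 * which is why 0xBFFFF818 appears in the table as 18 f8 ff bf. */
static void put32(uint32_t addr, uint32_t v) {
    for (int i = 0; i < 4; i++)
        image[addr - IMG_BASE + i] = (uint8_t)(v >> (8 * i));
}

uint8_t peek8(uint32_t addr) { return image[addr - IMG_BASE]; }

uint32_t peek32(uint32_t addr) {
    uint32_t v = 0;
    for (int i = 3; i >= 0; i--)          /* most significant byte first */
        v = (v << 8) | image[addr - IMG_BASE + i];
    return v;
}

/* Characters that fit, starting at alpha_code[0], before a write reaches the
 * slot at addr: 51 for the saved base pointer, 55 for the return address. */
size_t chars_before(uint32_t addr) { return addr - IMG_BASE; }

/* Build the image for main's a and b calling happy_times(a, b), then copy
 * input into alpha_code the way gets()/strcpy() would: strlen + 1 bytes,
 * terminator included, no bounds check. Returns the number of bytes copied. */
size_t build_frame(uint32_t a, uint32_t b, const char *input) {
    memset(image, UNSPEC, sizeof image);
    put32(EBP_MAIN - 4, a);                 /* BFFFF814: main variable a, declared first, nearest ebp */
    put32(EBP_MAIN - 8, b);                 /* BFFFF810: main variable b */
    put32(EBP_HAPPY + 12, b);               /* BFFFF80C: argument y, pushed first (right to left) */
    put32(EBP_HAPPY + 8, a);                /* BFFFF808: argument x; ESP-main after both pushes */
    put32(EBP_HAPPY + 4, RET_ADDR);         /* BFFFF804: return address pushed by call */
    put32(EBP_HAPPY, EBP_MAIN);             /* BFFFF800: saved base pointer pushed by the prologue */
    size_t n = strlen(input) + 1;           /* the copy writes the terminator too */
    if (n > IMG_SIZE) n = IMG_SIZE;         /* the model ends at BFFFF81A; real memory would not */
    memcpy(image, input, n);                /* starts at alpha_code[0] = ESP-happy_times, unbounded */
    return n;
}

/* Same, with a constructed input of len copies of c (e.g. 55 'A's). */
size_t build_frame_repeat(uint32_t a, uint32_t b, char c, size_t len) {
    char buf[IMG_SIZE];
    if (len >= IMG_SIZE) len = IMG_SIZE - 1;
    memset(buf, c, len);
    buf[len] = '\0';
    return build_frame(a, b, buf);
}

/* Print the rows the key fills in, in its Address/Value form. */
void dump(void) {
    for (uint32_t addr = IMG_BASE; addr < IMG_END; addr++) {
        uint8_t v = peek8(addr);
        if (v == UNSPEC) continue;          /* skip bytes the key leaves blank */
        printf("%08X  %02x\n", (unsigned)addr, v);
    }
}

int main(void) {
    build_frame(0x4D, 0x15, "AAAAAA");      /* the key's six 'A's */
    dump();
    build_frame_repeat(0x4D, 0x15, 'A', 55); /* 55 characters: terminator lands on the return address */
    printf("saved ebp now %08X, return address now %08X\n",
           (unsigned)peek32(EBP_HAPPY), (unsigned)peek32(EBP_HAPPY + 4));
    return 0;
}
```

With six 'A's the image matches the table row for row; with 55 the saved base pointer becomes 0x41414141 and the appended NUL zeroes the low byte of the return address, turning 0x0804841e into 0x08048400.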
Problem 4.
(a) No.
(b) The program writes more data into the buffer than the buffer can hold, i.e., a buffer overflow.
(c) 10 bytes (9 characters plus the terminating NULL).
(d) Increase the size of the buffer, or copy at most five characters and stop (e.g., with strncpy). Note that strncpy does not write a terminating NULL when the source is at least as long as the count given, so the terminator must be written explicitly after the call.
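An added example (not from the answer key) of the two fixes in (d) side by side with the pattern in (b). The unchecked strcpy is shown for reference but is not executed with a long input, since that is undefined behaviour; the bounded copy always terminates and reports truncation, and a small check shows the strncpy pitfall noted above. The buffer size of 6 (five characters plus the NULL), the 9-character input and the names copy_bounded, bounded_len and strncpy_leaves_terminator are this example's assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 6   /* assumed: room for five characters plus the terminating NULL */

/* The Problem 4 pattern: strcpy writes strlen(src) + 1 bytes no matter how
 * small dst is. Shown for reference only; never call it with untrusted input. */
void copy_unchecked(char *dst, const char *src) {
    strcpy(dst, src);
}

/* Bytes an unchecked copy actually writes: every character plus the NULL. */
size_t bytes_written_by_strcpy(const char *src) {
    return strlen(src) + 1;
}

/* Hardened copy: never writes more than cap bytes and always NUL-terminates.
 * Returns 0 when src fit, -1 when it was truncated to cap - 1 characters. */
int copy_bounded(char *dst, size_t cap, const char *src) {
    if (cap == 0) return -1;
    size_t len = strlen(src);
    size_t n = len < cap ? len : cap - 1;   /* leave room for the terminator */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return len < cap ? 0 : -1;
}

/* strncpy pitfall: with cap or more source characters strncpy writes no
 * terminator at all. Returns 1 if a NUL lands within the first cap bytes, else 0. */
int strncpy_leaves_terminator(size_t cap, const char *src) {
    char dst[BUF_SIZE + 10];                /* larger than cap so this check itself stays in bounds */
    if (cap > sizeof dst) return 0;
    memset(dst, 'X', sizeof dst);           /* no stray zeros to confuse the check */
    strncpy(dst, src, cap);
    return memchr(dst, '\0', cap) != NULL;
}

/* Helpers that run copy_bounded into a BUF_SIZE buffer and expose the result. */
static char demo_buf[BUF_SIZE];

int bounded_rc(const char *src) {
    return copy_bounded(demo_buf, sizeof demo_buf, src);
}

size_t bounded_len(const char *src) {
    copy_bounded(demo_buf, sizeof demo_buf, src);
    return strlen(demo_buf);
}

const char *bounded_result(void) { return demo_buf; }

int main(void) {
    const char *input = "ABCDEFGHI";        /* constructed 9-character input, as in Problem 4 */
    printf("strcpy would write %zu bytes into a %d-byte buffer\n",
           bytes_written_by_strcpy(input), BUF_SIZE);
    printf("copy_bounded: rc=%d buf=\"%s\"\n", bounded_rc(input), bounded_result());
    printf("strncpy with n == sizeof buf leaves a terminator? %d\n",
           strncpy_leaves_terminator(BUF_SIZE, input));
    return 0;
}
```

For the 9-character input the bounded copy stores "ABCDE" and returns -1, while strncpy with a count equal to the buffer size leaves no terminator, which is why the fix in (d) must also write the NULL.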
Problem 5.
(a) 15 bytes of the array + 4 bytes of the int name_len + 4 bytes of the saved base pointer (prev_ebp) = 23 characters. Typing 23 characters fills the array, name_len and the saved base pointer exactly; the NULL character that is automatically appended is then the first byte written onto the return address.
(b) No. year is declared last, so under the placement rule in Problem 2(c) it sits below (at a lower address than) the start of the buffer. An overflow writes upward, toward the saved base pointer, so writing past the end of the buffer overwrites name_len (and then the saved base pointer and return address), not year.
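The placement rule from Problem 2(c) can be written down as a small algorithm, which is what the counts in Problem 3 and Problem 5 come from. The program below is an added example, not the answer key's code: it lays out locals in declaration order from the saved base pointer downward with no padding (the key's simplified model; a real compiler may reorder, pad or add a stack canary), then answers how many characters fit before the return address and which neighbour an overflow reaches first. The declaration order name_len, name[15], year is inferred from the key's answers and is an assumption, as are the names layout, chars_before_return_address, first_overwritten and reachable.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_VARS        8
#define SAVED_EBP_SIZE  4      /* 32-bit frame: saved ebp sits between the locals and the return address */

struct var { const char *name; size_t size; };

struct frame {
    size_t count;
    struct var vars[MAX_VARS];     /* in declaration order */
    size_t offset[MAX_VARS];       /* distance of var i's lowest byte below the saved ebp */
};

/* Problem 2(c) rule: the first declared variable ends at the saved ebp,
 * the next one sits directly below it, and so on, with no padding. */
void layout(struct frame *f) {
    size_t below = 0;
    for (size_t i = 0; i < f->count; i++) {
        below += f->vars[i].size;
        f->offset[i] = below;
    }
}

static int find(const struct frame *f, const char *name) {
    for (size_t i = 0; i < f->count; i++)
        if (strcmp(f->vars[i].name, name) == 0) return (int)i;
    return -1;
}

/* Characters that fit, writing upward from buf[0], before the return address
 * is touched: the buffer, everything between it and ebp, and the saved ebp. */
size_t chars_before_return_address(const struct frame *f, const char *buf) {
    int i = find(f, buf);
    if (i < 0) return 0;
    return f->offset[i] + SAVED_EBP_SIZE;
}

/* First thing an overflow of buf reaches: the variable declared just before
 * it, or the saved ebp if buf was declared first. Variables declared after
 * buf sit at lower addresses and are never reached. */
const char *first_overwritten(const struct frame *f, const char *buf) {
    int i = find(f, buf);
    if (i < 0) return "(unknown)";
    return i == 0 ? "saved ebp" : f->vars[i - 1].name;
}

/* Can an overflow of buf reach victim? Only if victim was declared earlier. */
int reachable(const struct frame *f, const char *buf, const char *victim) {
    int b = find(f, buf), v = find(f, victim);
    return b >= 0 && v >= 0 && v < b;
}

/* Problem 5 frame (declaration order assumed from the key's answers). */
const struct frame *problem5_frame(void) {
    static struct frame f = { 3, { {"name_len", 4}, {"name", 15}, {"year", 4} }, {0} };
    layout(&f);
    return &f;
}

/* main's frame from Problem 3: a then b, which the rule puts at ebp-4 and ebp-8
 * (BFFFF814 and BFFFF810 for EBP-main = BFFFF818, as in the table). */
const struct frame *problem3_main_frame(void) {
    static struct frame f = { 2, { {"a", 4}, {"b", 4} }, {0} };
    layout(&f);
    return &f;
}

int main(void) {
    const struct frame *f = problem5_frame();
    printf("%zu characters fit before the return address\n", chars_before_return_address(f, "name"));
    printf("first variable overwritten: %s\n", first_overwritten(f, "name"));
    printf("year reachable from name: %d\n", reachable(f, "name", "year"));
    return 0;
}
```

For Problem 5 the model gives 23 characters, name_len as the first casualty and year as unreachable; for Problem 3's main it places a four bytes below EBP-main and b eight, matching BFFFF814 and BFFFF810 in the table.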