a. After compiling and linking the program, the student runs it. The output is a

Question

a. After compiling and linking the program, the student runs it. The output is as follows:

bash-3.00$ ./a.out

the first number is: two

the second number is: three

Everything seems to be working fine. However, the program exhibits a conceptual misunderstanding of the programming language C and the Cruntime environment. What is the problem? (Remember, the program compiled and linked fine)

b. What would you expect the output to look like if we removed the comment s of the third ‘printf()’ call in ‘main()’?

#include #include char* the word (int num) char buf [8]; switch (num % 4) case 0 snprintf (buf, sizeof (buf), "zero") break; case 1: snprintf (buf, sizeof (buf),"one") break; case 2: snprintf (buf, sizeof (buf),"two") break; case 3: snprintf (buf, sizeof (buf), "three") break; default: break; return buf; main() char nptrl; char nptr2; nptr1 the word (2); printf("the first number is: %s ", nptr1); nptr2 = the word (3); printf ("the second number is: %s ", nptr2); /*What if we uncomment the following line of code? */ /* printf ("the first number is: %s ", nptr1); */

Explanation / Answer

a) Buffer overflow attack

Because the size of the buffer was defined (char buf[8]) and it was filled it with more that 8 characters of char type, the buffer would be overflowed.

b) O/p willl be

the first number is: two

the second number is: three

the first number is: two

Related Questions

Navigate

• Browse (All)
• Browse A
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.