Hi everybody. I am a newbie who is trying to test a program, and this morning I found the line below in the source.
Code:
scanf("%10s",buff);
buff is an array of 10 char. Then I used different inputs to see the behavior, and I discovered that sometimes the program can crash. My question is, why? I wrote these lines to study the behavior of scanf more deeply.
Code:
[gnix@localhost array]$ cat scanf.c
#include <stdio.h>
int main()
{
char buff[10];
scanf("%10s",buff);
return 0;
}
And when I execute the program I get the following results:
Code:
[gnix@localhost array]$ ./scanf
1234567890
Segmentation fault
[gnix@localhost array]$ ./scanf
1234567890
Segmentation fault
[gnix@localhost array]$ ./scanf
1234567890
[gnix@localhost array]$ ./scanf
12345678901234567890
[gnix@localhost array]$ ./scanf
12345678901234567890
Segmentation fault
[gnix@localhost array]$ ./scanf
12345678901234567890
Segmentation fault
[gnix@localhost array]$ su
Password:
[root@localhost array]# echo 0 > /proc/sys/kernel/randomize_va_space
[root@localhost array]# exit
exit
[gnix@localhost array]$ ./scanf
123456789
[gnix@localhost array]$ ./scanf
1234567890
^C
[gnix@localhost array]$ ./scanf
12345678901234567890
^C
Probably the segmentation faults are related to ASLR. In any case, the %10s in the format parameter of the scanf function means that scanf will read only 10 characters, so why did the program crash?
I hope you understand my question, and sorry if I made any mistakes, but English is not my mother tongue.
gnix
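The crash comes from an off-by-one: a "%10s" conversion stores up to 10 characters and then a terminating NUL, so it needs 11 bytes, one more than char buff[10] provides; the extra byte lands past the array, which is why the outcome varies from run to run. The following added example (my code, not part of the original post) measures how many bytes "%10s" really writes and shows a hardened reader that derives the field width from sizeof the destination. The constructed sample input is fed through sscanf so it runs without a terminal.

```c
#include <stdio.h>
#include <string.h>

#define BUFSZ 10   /* same size as buff[10] in the original post */

/* Count the bytes a "%10s" conversion actually writes: the characters stored
 * plus the NUL terminator. An oversized scratch array keeps the measurement
 * itself in bounds so we observe the size instead of triggering the overflow. */
size_t bytes_written_by_width10(const char *input)
{
    char scratch[64];
    memset(scratch, 'X', sizeof scratch);   /* sentinel fill */
    scratch[sizeof scratch - 1] = '\0';
    if (sscanf(input, "%10s", scratch) != 1)
        return 0;
    return strlen(scratch) + 1;             /* chars stored + terminating NUL */
}

/* Hardened reader: the width is one less than the destination size, so the
 * NUL always fits. The format string is built from sizeof, so it cannot drift
 * out of sync with the array declaration. Returns the number of chars stored. */
size_t read_token_safely(const char *input, char *dst, size_t dstsz)
{
    char fmt[16];
    if (dstsz < 2)
        return 0;
    snprintf(fmt, sizeof fmt, "%%%zus", dstsz - 1);   /* "%9s" for char[10] */
    if (sscanf(input, fmt, dst) != 1) {
        dst[0] = '\0';
        return 0;
    }
    return strlen(dst);
}

int main(void)
{
    char buff[BUFSZ];
    const char *sample = "12345678901234567890";   /* constructed input */

    printf("\"%%10s\" writes %zu bytes, but buff holds only %d\n",
           bytes_written_by_width10(sample), BUFSZ);
    printf("safe read stored %zu chars: \"%s\"\n",
           read_token_safely(sample, buff, sizeof buff), buff);
    return 0;
}
```

The same reasoning applies to any width: for a char array of N bytes the scanf width must be N-1, or use fgets(buff, sizeof buff, stdin), which takes the full size.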