Vulnerability Development mailing list archives

Re: Smashing the Stack?


From: "Vinay A. Mahadik" <VAMahadik () lbl gov>
Date: Wed, 17 Jul 2002 11:05:20 -0700


Some of your questions seem familiar. I had similar ones when I was
learning a couple of months back. I was writing a HOWTO back then on
this, basically for my own sake, but gave up at some point due to lack
of time. But I think this doc will help, since it covers
some of your questions. If you find it useful and add something to this
HOWTO, please pass a copy back to me.

It's at http://hickory.csc.ncsu.edu/security/BOTutorial.html

About your question, it's due to alignment decisions made by the
compiler. You'll need to read more from somewhere on that (perhaps
google).

Thanks,
Vinay.

Jeremy Junginger wrote:

In "Smashing the Stack for Fun and Profit" by Aleph One, There is a nice
example program called example1.c.  It looks like this:

void function(int a, int b, int c) {
        char buffer1[5];      /* two locals, never used: the point is */
        char buffer2[10];     /* how much stack the compiler reserves  */
}

void main() {
        function(1,2,3);
}

Then, we go through how to generate assembly code output, how the
values are pushed onto the stack in reverse order, then the function
call, then moves the Frame Pointer onto the stack and copies the current
Stack Pointer into EBP.  That part is groovy.  Then when we look at the
function, in the example, he discusses how memory buffers are allocated
in "word" (4 byte) increments.   That makes sense; however, when I
generate the assembly code with the exact same code, I see that it is
subtracting 40 rather than the expected 20
(buffer1: 5 bytes = 2 words = 8 bytes, plus buffer2: 10 bytes = 3 words
= 12 bytes).  This part looks
crucial to understanding the rest of the concepts in the paper, so I'm
hesitant to continue without understanding this discrepancy.  Any input
would be very much appreciated.

--
Vinay A. Mahadik
Summer Intern
Computer Protection Program
Lawrence Berkeley National Laboratory
(510) 495 2618
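An added example, not code from this thread or from Aleph One's paper: the program below declares the same two locals as example1.c and measures at run time where the compiler actually placed them and how much room it left below the saved frame pointer, so the number in the `sub $N, %esp` you see in the assembly can be compared against the paper's word-rounded estimate. The function and field names (`aligned_size`, `paper_estimate`, `measure_frame`, `struct frame_measure`) are made up here, and it assumes gcc or clang for `__builtin_frame_address` and `__attribute__((noinline))`.

```c
/*
 * Added example, not part of the original thread or of Aleph One's paper.
 * Declares the same two locals as example1.c and measures at run time where
 * the compiler put them, so the "sub $N, %esp" in the assembly can be
 * compared with the paper's word-rounded estimate.
 * Assumes gcc or clang (__builtin_frame_address, __attribute__((noinline))).
 * Build with the flags you used for example1.c, e.g.
 *   gcc -O0 -fno-stack-protector frame_measure.c -o frame_measure
 * (add -m32 if your toolchain has 32-bit support, to match the paper).
 */
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Round n up to a multiple of align (align must be a power of two).
 * With align == 4 this is the arithmetic the paper does: 5 -> 8, 10 -> 12. */
size_t aligned_size(size_t n, size_t align)
{
    return (n + align - 1) & ~(align - 1);
}

/* The paper's estimate: each buffer padded to a 4-byte word, then summed. */
size_t paper_estimate(void)
{
    return aligned_size(5, 4) + aligned_size(10, 4);   /* 8 + 12 = 20 */
}

struct frame_measure {
    uintptr_t buffer1_addr;     /* where the compiler placed buffer1 */
    uintptr_t buffer2_addr;     /* where it placed buffer2 */
    uintptr_t frame_ptr;        /* address of this frame's saved frame pointer */
    size_t    buffer_gap;       /* bytes between the two buffer starts */
    size_t    below_frame_ptr;  /* bytes from the lowest buffer up to frame_ptr */
};

/* Same locals as example1.c.  noinline keeps a real call frame, and volatile
 * keeps the compiler from discarding two arrays it would otherwise treat as
 * unused.  The writes touch the first and last byte of each buffer only. */
__attribute__((noinline))
struct frame_measure measure_frame(int a, int b, int c)
{
    volatile char buffer1[5];
    volatile char buffer2[10];
    struct frame_measure m;
    uintptr_t lo, hi;

    buffer1[0] = (char)a;
    buffer2[0] = (char)b;
    buffer2[9] = (char)c;

    m.buffer1_addr = (uintptr_t)buffer1;
    m.buffer2_addr = (uintptr_t)buffer2;
    m.frame_ptr    = (uintptr_t)__builtin_frame_address(0);

    lo = m.buffer1_addr < m.buffer2_addr ? m.buffer1_addr : m.buffer2_addr;
    hi = m.buffer1_addr < m.buffer2_addr ? m.buffer2_addr : m.buffer1_addr;
    m.buffer_gap      = (size_t)(hi - lo);
    m.below_frame_ptr = (size_t)(m.frame_ptr - lo);
    return m;
}

int main(void)
{
    struct frame_measure m = measure_frame(1, 2, 3);
    uintptr_t lo = m.buffer1_addr < m.buffer2_addr ? m.buffer1_addr : m.buffer2_addr;

    printf("paper's word-rounded estimate : %zu bytes\n", paper_estimate());
    printf("buffer1 at 0x%" PRIxPTR ", buffer2 at 0x%" PRIxPTR
           ", frame pointer at 0x%" PRIxPTR "\n",
           m.buffer1_addr, m.buffer2_addr, m.frame_ptr);
    printf("gap between buffer starts     : %zu bytes\n", m.buffer_gap);
    printf("locals below frame pointer    : %zu bytes\n", m.below_frame_ptr);
    printf("lowest buffer address mod 16  : %zu\n", (size_t)(lo % 16));
    return 0;
}
```

Run it at -O0 and again at -O2, and with a second compiler if you have one: the "locals below frame pointer" figure, not the 20 bytes from adding up padded buffer sizes, is the distance an overflow has to cover, and it changes with the compiler's alignment and layout choices. Two caveats worth knowing before comparing with the paper: modern gcc and clang insert a stack-protector canary between the buffers and the saved frame pointer unless you pass `-fno-stack-protector`, and on 64-bit targets the frame pointer and return address are 8 bytes each rather than the 4 the paper assumes.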

