printf with insufficient parameters

My question is about the behavior after printf with missing parameters:

printf("%s blah blah %d ", int); // integer was given as argument (and not int written)

I already know that if there are insufficient arguments for the format, the behavior is undefined.

The question is whether it is the printf result or the entire program that is undefined.

> When %s tries to read from an unauthorized memory address, a crash may occur. (It happened to me)
> Will a crash occur after printf finishes? (Print some garbage strings and integers)

Edit:

To clarify: I am not asking about compilation errors or warnings, and the program will not crash when executing this line. The question is whether this line can make the program crash randomly after this line has been executed.

Basically, it applies to the entire program. printf starts taking parameters off the stack, in this case taking one int's worth too many. That will usually be something like the return address. Therefore, when printf returns, it will return to whatever random number is next on the stack. The usual result, if you are lucky, is a segmentation fault.

Because it pushes the parameters onto the stack, it will pop them out, so it will try to get the int first.

If you are not lucky, it will find an addressable code block. This leads to the second case, where the address becomes the address of a random hash of characters. Now it will try to print a string until it finds a random NUL character.

Update

As Joachim pointed out, the specific problem is determined by the calling convention, so let’s make a clear example. When the printf function is called, the return address is pushed either first or last. We assume it is pushed first (more common on the usual architectures), so this call requires a PUSH of the return address, a PUSH of the address of the format string, and a PUSH of an int value, let’s say 42. This gives us this stack:

RTN ADDR
ADDR OF STRING
42

and leaves the stack pointer SP pointing to the next position on the stack.

Now printf begins to interpret the string. It looks for the address of the int parameter and finds it at SP-1. So the address of the string parameter must be at SP-2… but this is the address of the format string, because there is no string parameter. Then when it looks up the address of the format string, it expects to find it at SP-3, but this is the return address, the address of executable code. On most any machine, this should cause a segmentation fault.

If you go through the other options for the calling convention, you will find that each of them goes wrong, because in any case printf thinks it needs to refer to three things on the stack instead of the two it has.
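
An added example, not part of the original question or answer: since the mismatch is undefined behavior, the practical defence is to catch it before printf runs. The hypothetical helper `printf_args_needed` below counts the arguments a format string consumes, so a logging wrapper can refuse a call that supplies too few; it assumes POSIX positional arguments (`%1$s`) are not used.

```c
#include <stdio.h>
#include <string.h>

/* Count the variadic arguments a printf-style format consumes.
 * Handles "%%", flags, '*' width/precision and length modifiers.
 * Returns -1 on a truncated or unknown conversion.
 * Assumption: positional arguments ("%1$s") are not supported. */
int printf_args_needed(const char *fmt)
{
    int needed = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                         /* literal percent sign */
        while (*p && strchr("-+ #0", *p))     /* flags */
            p++;
        if (*p == '*') { needed++; p++; }     /* width read from an int argument */
        else while (*p >= '0' && *p <= '9') p++;
        if (*p == '.') {
            p++;
            if (*p == '*') { needed++; p++; } /* precision read from an int argument */
            else while (*p >= '0' && *p <= '9') p++;
        }
        while (*p && strchr("hlLjzt", *p))    /* length modifiers */
            p++;
        if (*p == '\0' || !strchr("diouxXeEfFgGaAcspn", *p))
            return -1;                        /* truncated or unknown conversion */
        needed++;
    }
    return needed;
}

/* 1 if the caller supplies exactly what the format consumes, else 0. */
int printf_args_ok(const char *fmt, int supplied)
{
    return printf_args_needed(fmt) == supplied;
}

int main(void)
{
    const char *fmt = "%s blah blah %d ";     /* the format from the question */
    printf("needs %d, given 1, ok=%d\n",
           printf_args_needed(fmt), printf_args_ok(fmt, 1));
    return 0;
}
```

For literal format strings, GCC and Clang report the same mismatch at compile time with `-Wformat` (enabled by `-Wall`); a runtime count like this only matters when the format string is not a compile-time literal.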

