I am learning about code auditing, and I have a question relating to the argc/argv[] variables. I think that the argc is an integer type, so would enough command line arguments overflow the buffer? I know that it's a stretch, but I am looking for the third vulnerability in our practice program, and I can't find it. Any advice would be great!

Thanks for reading this!

Stephen

If your going that route I would check the sizeof(argc) just to see what your dealing with, .i.e is it an unsigned char, unsigned short or whatever

Just to see what size of variables are accepted

Edited 7 Years Ago by gerard4143: n/a

I am learning about code auditing, and I have a question relating to the argc/argv[] variables. I think that the argc is an integer type, so would enough command line arguments overflow the buffer? I know that it's a stretch, but I am looking for the third vulnerability in our practice program, and I can't find it. Any advice would be great!

If the host environment is going to provide them, I wouldn't expect it to give you something that overflows. Rather, if the possibility of overflow were available, I would expect the host environment to do something like make argc zero to avoid the potential issue.

If your going that route I would check the sizeof(argc) just to see what your dealing with, .i.e is it an unsigned char, unsigned short or whatever

Just to see what size of variables are accepted

???

If you have an argc, it's an int.

I know that it's a stretch, but I am looking for the third vulnerability in our practice program, and I can't find it.

It's a big stretch. Even with the minimum range of int and no safeguards by the runtime, there would have to be 32,768 command line arguments to overflow argc. Your practice program probably has a different third vulnerability. Is it possible to post the code?

Edited 7 Years Ago by Tom Gunn: n/a

This article has been dead for over six months. Start a new discussion instead.