.pf{position:relative;background-color:#fff;overflow:hidden;margin:0;border:0}.pc{position:absolute;border:0;padding:0;margin:0;top:0;left:0;width:100%;height:100%;overflow:hidden;display:block;transform-origin:0 0;-ms-transform-origin:0 0;-webkit-transform-origin:0 0}.bi{position:absolute;border:0;margin:0}.c{position:absolute;border:0;padding:0;margin:0;overflow:hidden;display:block}.t{position:absolute;white-space:pre;font-size:1px;transform-origin:0 100%;-ms-transform-origin:0 100%;-webkit-transform-origin:0 100%;unicode-bidi:bidi-override;-moz-font-feature-settings:"liga" 0}.t:after{content:''}.t:before{content:'';display:inline-block}.t span{position:relative;unicode-bidi:bidi-override}._{display:inline-block;color:transparent;z-index:-1}.pi{display:none}@media screen{.pf{margin:13px auto;box-shadow:1px 1px 3px 1px #333;border-collapse:separate}}.ff1{font-family:ff1;line-height:1.432;font-style:normal;font-weight:400;visibility:visible}.ff2{font-family:ff2;line-height:1.432;font-style:normal;font-weight:400;visibility:visible}.ff3{font-family:ff3;line-height:.941406;font-style:normal;font-weight:400;visibility:visible}.m0{transform:matrix(.320260,0,0,.320260,0,0);-ms-transform:matrix(.320260,0,0,.320260,0,0);-webkit-transform:matrix(.320260,0,0,.320260,0,0)}.ls1{letter-spacing:0}.ls2{letter-spacing:.130400px}.sc0{text-shadow:-.015em 0 transparent,0 .015em transparent,.015em 0 transparent,0 -.015em transparent}@media screen and (-webkit-min-device-pixel-ratio:0){.sc0{-webkit-text-stroke:.015em transparent;text-shadow:none}}.ws1{word-spacing:-12.406880px}.ws0{word-spacing:-12.27648px}.ws2{word-spacing:0}._0{margin-left:-1.23648px}._1{width:1.11232px}._3{width:45.002240px}._5{width:74.470400px}._4{width:104.405120px}._2{width:131.707520px}.fc0{color:#000}.fs0{font-size:44.16px}.y1{bottom:0}.y2c{bottom:126.392685px}.y2b{bottom:144.988284px}.y2a{bottom:163.589008px}.y0{bottom:179.345819px}.y29{bottom:182.189731px}.y28{bottom:200.94418px}.y27{bottom:219.544903px}.y26{bottom:238.145627px}.y25{bottom:256.746351px}.y24{bottom:275.53923px}.y23{bottom:294.139954px}.y22{bottom:312.740677px}.y21{bottom:331.341401px}.y20{bottom:349.942124px}.y1f{bottom:368.696573px}.y1e{bottom:387.297296px}.y1d{bottom:405.898020px}.y1c{bottom:424.498743px}.y1b{bottom:443.253192px}.y1a{bottom:461.853916px}.y19{bottom:480.480260px}.y18{bottom:499.080983px}.y17{bottom:517.681707px}.y16{bottom:536.436155px}.y15{bottom:555.036879px}.y14{bottom:573.637602px}.y13{bottom:592.238326px}.y12{bottom:610.839050px}.y11{bottom:629.593498px}.y10{bottom:648.194222px}.yf{bottom:666.794945px}.ye{bottom:685.395669px}.yd{bottom:704.188548px}.yc{bottom:722.789272px}.yb{bottom:741.389995px}.ya{bottom:759.990719px}.y9{bottom:778.591443px}.y8{bottom:797.345891px}.y7{bottom:815.946615px}.y6{bottom:834.547338px}.y5{bottom:853.148062px}.y4{bottom:871.902510px}.y3{bottom:890.503234px}.y2{bottom:909.129578px}.h3{height:49.68px}.h2{height:50.69568px}.h1{height:709.697027px}.h0{height:1014.58492px}.w1{width:341.397577px}.w2{width:783.997426px}.w0{width:783.997438px}.x1{left:.000012px}.x2{left:92.265726px}.x3{left:115.324474px}.x4{left:161.436846px}.x0{left:189.594152px}

CSE 127 Lecture 4: L4 10/9/18

Ebp+8: positive numbers away from the bp are for arguments (previous frame) Ebp-4: negative numbers away from the bp are for your local variables. Format string vulnerabilities printf() - this is not part of the c language! (actually just a byproduct of printf()!) Variadic functions - you can accept a variable # of args! Another arg implicitly encodes count (ex: the string itself!) Last arg is a reserved terminator value (eg. Pushes pointer to format string onto stack. Uses format string to read args off of stack. Reads one value off stack for each % parameter. Printf runtime is controlled by % parameters. You could have too many or too few args though! User is responsible for enforcing 1-1 mapping between format specifiers and args. Too few: it"ll print whatever is on the stack! Not a good idea to let an attacker feed arbitrary commands to your command interpreter! // print everything in buf as a string.

United States

Introduction to Computer Security

Computer Science and Engineering

Savage, Stefan

University of California - San Diego

Organismic and Evolutionary Biology

Computer Networks

Database Systems Applications

Introduction to Modern Cryptography

Programming Languages: Principles and Paradigms

Introduction to Artificial Intelligence: Search and Reasoning

Online Database Analytics Applications

Database System Principles

Principles of Computer Operating Systems

Introduction to Computer Architecture

Topics in Computer Science and Engineering

Computer Graphics

Rome, Christianity, and the Middle Ages

Renaissance, Reformation, and Early Modern Europe

Language, Culture, and Education

Networked Services

Software Engineering

Web Client Languages

CSC209H1 Study Guide - Final Guide: Exit Status, Bitstream, Standard Streams

All Subjects

Accounting

Mathematics

Statistics

Computer Science

Calculus

Psychology

Management

Biology

Physics

Chemistry

Electrical Engineering

Mechanical Engineering

Marketing

Music

History

Project Management

Business

Architecture

Geography

Science

Nursing

Information Technology

Engineering

English

Finance

Philosophy

Astronomy

Communications

Sociology

Anthropology

Prealgebra

Algebra

Precalculus

Ethics

Geometry

Probability

Economics

CSE 127 Lecture 4: L4 10/9/18

Document Summary

Get access

Related Documents

CSC209H1 Study Guide - Final Guide: Exit Status, Bitstream, Standard Streams