what a normie, cool kids use [Only registered and activated users can see links. Click Here To Register...] so you don't have to free up the memoryQuote:
Allocate some memory using malloc
I know that this thread is old, however i would still not suggest using alloca for this kind of user scenario as alloca allocates memory on the stack frame, thus the memory on the stack frame will automatically be de-allocated once returned (like you mentioned). However, the memory on the stack frame is limited to the stack frame itself (obviously), meaning that it's not suited for larger allocations whereas malloc can deal with such large allocations since it uses the heap and not the stack for allocations.Quote:
This was more or less a joke, but if you want to you can easiely increase the stack limitsQuote:
ulimit -s unlimited
editbin /STACK:4294967295 program.exe
But who cares about what the documentation says. Cool kidz use it anyway!Quote:
The alloca() function is machine- and compiler-dependent. For certain applications, its use can improve efficiency compared to the use of malloc(3) plus free(3). In certain cases, it can also simplify memory deallocation in applications that use longjmp(3) or siglongjmp(3). Otherwise, its use is discouraged.
great, now all people will increase their stack frame size and get away with it!Quote:
Linux:
Win32:Code:ulimit -s unlimited
and voiala stack limits aren't a problem anymore xD. If an ugly solution doesn't fit your needs, there is always an even more ugly hack to compensate for itCode:editbin /STACK:4294967295 program.exe
Also alloca has some advantages. Memory allocations via malloc are slow, especially if you have very fragmented memory. Stack allocations are literally only a single pointer increase, the fastest operation you can do.
But I feel the need to also say, alloca is not standardized, or to quote the man page:
But who cares about what the documentation says. Cool kidz use it anyway!
To quote [Only registered and activated users can see links. Click Here To Register...]Quote:
RAII is a C++ programming technique
(just kidding, c++ is great)Quote:
C++ is to C as Lung Cancer is to Lung
Hey! I just coded a simple Program with all your helpful instructions.Quote:
- [Only registered and activated users can see links. Click Here To Register...] the user how many values he's going to enter
- Allocate some memory using [Only registered and activated users can see links. Click Here To Register...]
- [Only registered and activated users can see links. Click Here To Register...] from the user and store the values inside the allocated memory
- Iterate through the list
- Sum up all values and divide them by the number of values
/* gcc (GCC) 9.2.0, GLIBC Version 2.30 (arch btw)
Compiled with `gcc file.c` */
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#define ARR_LEN 10
long int get_num(){
long int num;
if( (scanf("%ld",&num)) != 1){
num = -1;
}
while ((getchar()) != '\n');
return num;
}
long int *get_numbers(){
/* we're in 2k19, we only want the big stuff */
long int cnt, *data = 0, tmp;
int ret = 0;
/* Ask the user how many values he's going to enter */
printf("How many values do you want to enter?\n>");
cnt = get_num();
/* Allocate some memory using [STRIKE]malloc[/STRIKE] calloc (is safer, they say)
cnt + 1 to also store the cnt in data[0] */
data = calloc(cnt + 1, sizeof(*data));
if (data == NULL){
printf("No, no...");
exit(0);
}
data[0] = cnt;
/* Read from the user and store the values inside the allocated memory */
for(int i=1; i < cnt + 1; i++){
if( (tmp = get_num()) == -1){
break;
}
data[i] = tmp;
}
return data;
}
void print_average(long int **data){
int idx = 0;
long int sum = 0;
printf("average at which idx?\n>");
idx = get_num();
if(!(0 <= idx < ARR_LEN) || data[idx] == NULL){exit(0);}
/* Iterate through the list */
for(int i = 1; i < (data[idx][0] + 1); i++){
/* Sum up all values */
sum += data[idx][i];
}
/* and divide them by the number of values */
printf("The average is: %lf\n",(double)sum / data[idx][0]);
}
void delete_numbers(long int ** numbers){
int idx;
printf("delete at which idx?\n>");
idx = get_num();
if(0 <= idx < ARR_LEN && numbers[idx] != NULL){
free(numbers[idx]);
numbers[idx] = NULL;
} else {
printf("Try harder, lil fella\n");
}
}
void print_menu(){
printf("------------------\n");
printf("What do?\n");
printf("1) get numbers\n");
printf("2) print_average\n");
printf("3) delete_numbers\n>");
}
int get_next_index(long ** numbers){
for(int i = 0; i < ARR_LEN; i++){
if(numbers[i] == NULL){
return i;
}
}
return -1;
}
int main(){
int slot;
long int *data;
long int **numbers = calloc(ARR_LEN,sizeof(**numbers));
int num, ret;
setvbuf( stdout , NULL , _IONBF , 0);
for(int i=0; i < 50; i++){
print_menu();
num = get_num();
switch(num){
case 1:
slot = get_next_index(numbers);
if(slot == -1){
printf("delete first plox\n");
break;
}
data = get_numbers();
numbers[slot] = data;
break;
case 2:
print_average(numbers);
break;
case 3:
delete_numbers(numbers);
break;
default:
break;
}
}
free(numbers);
}
This is fun :). I really like playing CTF, but I'm not very good at it. The couple of issues I found might already be enough to solve it. At least it's enough to crash it ;D.Quote:
For some reason, i host this code on 46.101.210.6 port 1337.
If you can msg me with the contents of /chall/flag on this server, i will give you some e*g. Challenged is everyone who deems himself worthy. ;) Please do not speak publicly about potential vulnerabilities/solutions here. PM me if you need any pointers.
[...]
Feel free to ping more people, looking forward to see some skills :mofo:
Time to actually learn about some good ol memory corruptions. If not now, when then? One only learns serious shit when he leaves his comfort zone. GogoQuote:
@[Only registered and activated users can see links. Click Here To Register...] & @[Only registered and activated users can see links. Click Here To Register...] & @[Only registered and activated users can see links. Click Here To Register...] gogo
tl;drQuote:
and the corresponding code which is the very first thing _int_malloc (the internal malloc implementation, called by malloc, calloc, et al) does:Quote:
Minimum allocated size: 4-byte ptrs: 16 bytes (including 4 overhead)
8-byte ptrs: 24/32 bytes (including, 4/8 overhead)
When a chunk is freed, 12 (for 4byte ptrs) or 20 (for 8 byte
ptrs but 4 byte size) or 24 (for 8/8) additional bytes are
needed; 4 (8) for a trailing size field and 8 (16) bytes for
free list pointers. Thus, the minimum allocatable size is
16/24/32 bytes.
Even a request for zero bytes (i.e., malloc(0)) returns a
pointer to something of the minimum allocatable size.
/*
Convert request size to internal form by adding SIZE_SZ bytes
overhead plus possibly more to obtain necessary alignment and/or
to obtain a size of at least MINSIZE, the smallest allocatable
size. Also, checked_request2size returns false for request sizes
that are so large that they wrap around zero when padded and
aligned.
*/
if (!checked_request2size (bytes, &nb))
{
__set_errno (ENOMEM);
return NULL;
}
// This is no problem, as we just learned. Access within MINSIZE alloc'd junk.
data[0] = cnt;
// This loop will then terminate immediately, due to the fact that `1 < 0` is false.
// (signed-ness does not play any role here (since 0), so it does not matter if its a jg or ja.)
for(int i=1; i < cnt + 1; i++){
[..]
}