I have a piece of C code running on a development box with ASLR enabled. A function returns a char pointer (char *), and somehow a few bytes in the returned pointer address are getting changed. printf output below:
kerb_selftkt_cache 0x00007f0b8e7fc120 cache_str get_self_ticket_cache 0xffffffff8e7fc120
The char pointer 0x00007f0b8e7fc120 being returned from the function is getting modified to 0xffffffff8e7fc120. It differs from the original pointer address by 1 word (4 bytes): 0xffffffff instead of 0x00007f0b, while the last 4 bytes (8e7fc120) stay the same. Any idea what might be going on, and how I could possibly fix this? The code is running on Linux, 64-bit architecture, on an Intel Xeon. The code is from an existing proprietary library, so I can't share the exact code, but the code logic looks like this:
#include <stdio.h>

typedef struct mystr {
    int num;
    char addr[10];
} mystr;

static mystr m1;

/* returns a pointer into the static object */
char *get_addr(void)
{
    return m1.addr;
}

void myprint(void)
{
    printf("mystr m1 address %p\n", (void *)&m1);
    printf("mystr m1 addr %p\n", (void *)m1.addr);
}

int main(int argc, char *argv[])
{
    char *retadd;
    myprint();
    retadd = get_addr();
    printf("ret address %p\n", (void *)retadd);
    return 0;
}
retadd and m1.addr are different when ASLR is turned on.
My guess is that some function takes an int or something else 4 bytes wide, and the argument gets cast to a pointer type, which sign-extends it. Except the compiler (gcc?) should warn about that even without flags like -Wall, so hey, maybe you have weird-ass macros or something obfuscating it.
Alternatively, you mean passing back the return value (as opposed to passing an argument). That is explained by C defaulting to an int return value if the function declaration is missing. In that case make sure you've got your stuff declared.
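The sign-extension mechanism the answer describes, as an added example that is not code from the question or the answer: the pointer is modelled as going through a 32-bit int and back, which also shows why the bug stays hidden for non-PIE static addresses (below 2 GiB, bit 31 clear) and only surfaces once ASLR/PIE places the data at 0x00007f... . Function names and the sample addresses are constructed for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Model what an implicit (or wrongly declared) "int" return does to a
 * 64-bit pointer: only the low 4 bytes survive, then the conversion back
 * to a pointer sign-extends bit 31 into the high word. Written as explicit
 * integer arithmetic so it is well-defined C; the real bug happens in the
 * eax/rax return register on x86-64. Hypothetical helper, not the page's. */
uintptr_t through_int_return(uintptr_t p)
{
    uint32_t low = (uint32_t)p;              /* truncate to 32 bits */
    uintptr_t result = low;
    if (low & 0x80000000u)                   /* bit 31 set: sign extension */
        result |= 0xffffffff00000000ULL;     /* high word becomes 0xffffffff */
    return result;
}

/* True when the pointer value fits in a signed 32-bit int, i.e. the int
 * round trip is lossless. Typical non-PIE .bss addresses pass; ASLR/PIE
 * addresses such as 0x00007f0b8e7fc120 do not. */
int survives_int_round_trip(uintptr_t p)
{
    return through_int_return(p) == p;
}

int main(void)
{
    /* constructed samples: the address from the question, and a typical
     * static-data address in a non-PIE binary */
    uintptr_t aslr_ptr   = 0x00007f0b8e7fc120ULL;
    uintptr_t no_pie_ptr = 0x0000000000601040ULL;

    printf("ASLR  : %#018" PRIxPTR " -> %#018" PRIxPTR " (lossless: %d)\n",
           aslr_ptr, through_int_return(aslr_ptr),
           survives_int_round_trip(aslr_ptr));
    printf("no PIE: %#018" PRIxPTR " -> %#018" PRIxPTR " (lossless: %d)\n",
           no_pie_ptr, through_int_return(no_pie_ptr),
           survives_int_round_trip(no_pie_ptr));
    return 0;
}
```

Compiling with -Wall (and -Wimplicit-function-declaration, which newer gcc releases turn into an error by default) reports the missing prototype at build time instead of at runtime.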