Figure 3.41 shows a (low-quality) implementation of a function that reads a line from standard input, copies the string to newly allocated storage, and returns a pointer to the result. Consider the following scenario. Procedure get_line is called with the return address equal to 0x400776 and register %rbx equal to 0x0123456789ABCDEF. You type in the string 0123456789012345678901234

The program terminates with a segmentation fault. You run gdb and determine that the error occurs during the execution of the ret instruction of get_line.

A. Fill in the diagram that follows, indicating as much as you can about the stack just after executing the instruction at line 3 in the disassembly. Label the quantities stored on the stack (e.g., “Return address”) on the right, and their hexadecimal values (if known) within the box. Each box represents 8 bytes. Indicate the position of %rsp. Recall that the ASCII codes for characters 0–9
are 0x30–0x39.

B. Modify your diagram to show the effect of the call to gets (line 5).

C. To what address does the program attempt to return?

D. What register(s) have corrupted value(s) when get_line returns?

E. Besides the potential for buffer overflow, what two other things are wrong with the code for get_line?

Transcribed Image Text:

(a) C code /* This is very low-quality code. It is intended to illustrate bad programming practices. See Practice Problem 3.46. */ char *get_line () { 1 2 3 } (b) Disassembly up through call to gets char *get_line () 0000000000400720 : char buf [4]; char *result; 4 gets (buf); result = malloc(strlen(buf)); strcpy(result, buf); return result; 400720: 53 400721 48 83 ec 10 Diagram stack at this point. 400725: 48 89 e7 400728: e8 73 ff ff ff Modify diagram to show stack contents at this point Figure 3.41 C and disassembled code for Practice Problem 3.46. 5 push %rbx sub $0x10,%rsp mov %rsp,%rdi callq 4006a0