The C code below shows a (low-quality) implementation of a function that reads a line from standard input, copies the string to newly allocated storage, and returns a pointer to the result.

C Code

char *get_line(){{

char buf[8];

char *result;

gets(buf);

result = malloc(strlen(buf+1));

if(result)

strcpy(result, buf);

return result;

}

Assembly code up through call to gets

get_line:

400720: 53 push %rbx

400721: 48 83 ec 10 subq $0x10, %rsp

400725: 48 89 e7 movq %rsp, %rdi

400728: e8 73 ff ff ff callq 4006a0

Consider the following scenario. Procedure get_line is called with the return address equal to 0x400776 and register %rbx equal to 0x0123456789012345. You type in the string

ABCDEFGHIJKLMNOPQRSTUVWXYZ

The program terminates with a segmentation fault. You run GDB and determine that the error occurs during the execution of the ret instruction in get_line.

Show the stack layout, on the diagram below, as much as you can after executing the instruction at the address 0x400721 in the assembly code above. Label the quantities stored on the stack (eg. Return address) on the right, and their hexadecimal values (if known) within the box. Each box represents 8 bytes. Indicate the position of %rsp. Recall that ASCII codes for characters A-Z are 0x41-0x5A.

00 00 00 00 00 40 07 76	Return address

Modify the stack diagram to show the effect of the call to gets after executing the instruction at the address 0x400728.

To what address does the program attempt to return?

What register(s) have corrupted value(s) when get_line returns?