how big can be an array to give segmentation fault!!!

mlaich · 01-20-2006, 09:27 PM

Hi all,
I was working on a C program, but the memory demands are hefty, just to check how much load my system can take, i just ran a small program:

Code:

#include <stdlib.h>

int main() {
  char s[10*1024000];

  strcpy(s, "1111111111111111111111");
  printf("%s", s);

  return 0;
}

it compiled fine but gave segmentation fault while executing ... which in other words means (at least to me... as i am not quite familiar with C/Linux

), the total combined size of all the arrays should not cross 10MB (it worked fine with "char s[8*1024000];" declaration).

Would you guys please tell me how this could be increased or decreased and/or how this is determined that what should be the combined array sized if all the arrays are initialized in the same function. My system is pentium III with 256MB RAM and I am working on RH 9.0.

thanx --mlaich

xhi · 01-20-2006, 10:43 PM

hmm .. i dont know what the stack limits are.. probably can be found somewhere..
but you should be able to allocate heap mem..
like so

Code:

char* s = new char[10*1024000];
strcpy(s, "1111111111111111111111");
printf("%s", s);
delete[] s;

i am using c++ but you get the pt.. this works for me

btw i also segfault with your original code.

mlaich · 01-20-2006, 10:58 PM

hi...
i tried to do something like that... but could not get any success...
anyway would you please tell me what this stack and heap is all about, and how to use them. I really have no idea what they are and how they can be used in C.

thanx --mlaich

xhi · 01-20-2006, 11:36 PM

well a quick summary is that the stack is where your local variables get stored... so if you declare

Code:

int x;
char* s = "something";
string str;
char a = 'a';

any of those are going on the stack.. the stack is also limited in size, far below your total mem..

the heap is for when you allocate memory with a call to new, or *alloc..

Code:

char* s = new char[100];
string* str = new string("string");
Foo* f = new foo;

so you are possibly using too much stack.. im not sure.. but it is definately limited, where as the heap is all your mem available to the sys..

mlaich · 01-21-2006, 12:20 AM

hi...
i think i got what you are saying...
i implemented

Code:

#include <stdlib.h>

int main() {
char *s;
int i=1024000;           //1MB
s=(char *)malloc(800*i); //800MB
strcpy(s, "1111111111111111111111");
printf("%s", s);
return  0;
}

and it worked successfully...
thanx for help

thanx --mlaich

noir911 · 01-21-2006, 12:34 AM

I am a C newbie and trying to understand why segfault would be bad security-wise. I can write code which will cause segfault. But how can it be used for previlege escalation <say, from normal-user to root> or how can it help one user to execute commands or read files as another user?

TIA.

introuble · 01-21-2006, 02:04 AM

@ noir911:

you don't understand what a segmentation fault is, and when it can occur. Also, just because a program segfaults doesn't mean it's a security risk [but it does mean there's something wrong with the program]. When you will fully understand it, I'm sure you'll know how one can "excute commands as another user". Good luck.

Ah, maybe you'd like some book titles:

Advanced Programming in the Unix Environment [ Richard Stevens ]
Advanced Linux Programming
Unix Network Programming

Also, you should try to learn at least some x86 assembly.

Once you've done that, if you haven't figured it out by yourself, you can try:

The Shellcoder's Handbook
The Art of Exploitation

.. but I doubt they'll be relevant if you fully comprehend the programming books.

xhi · 01-21-2006, 07:58 AM

Quote:

Originally Posted by noir911

I am a C newbie and trying to understand why segfault would be bad security-wise. I can write code which will cause segfault. But how can it be used for previlege escalation <say, from normal-user to root> or how can it help one user to execute commands or read files as another user?

TIA.

sounds like you want information on buffer overflows.. try a googling on buffer overflow related topics and you will find what you are looking for..