next-dlp/c/ex2.c

31 lines
992 B
C
Raw Normal View History

2022-11-21 16:38:13 +01:00
#include <stdio.h>
#include <string.h>
char* f(int m) {
char buf[6];
int x;
if (m == 1 && x-- /* variable is read before initialization */) {
strcpy(buf, "AAAAAA"); // null-byte copy overflows buffer at index 7
return buf; // Return stack allocated array
} else if (m == 2) {
char* msg = (char*)malloc(100); // malloc is declared in <stdlib.h>
// While technically not UB, as it will be implicitly declared by the
// compiler, this is error-prone and the implicit declaration most
// likely does not match the actual function
strcpy(msg, "BBBBBB");
return msg;
}
// Missing return value
}
int main(int argc, char** argv) {
char* m;
m = f(argc);
putchar(m[0]); // if m != 2, either reads garbage stack memory or
// non-sensical pointer due to missing return value
return 0;
// Potential memory leak, if m == 2
// While not UB, it is frowned upon
}