4

I apologize in advance for my lack of knowledge regarding stack smashing in C. I'm on ubuntu 12.04 editing with Code::Blocks. I have written a simple C program that causes stack smashing, but internet searches have turned up little useful advice as to why this is happening.

Example C code:

#include<stdio.h>

struct point3
    {float x, y, z;};

struct quadPolygon
    {struct point3 vert1, vert2, vert3, vert4;};

int writeLine(const char * objString)
    {FILE *file; file = fopen("aPlane.obj","a+"); fprintf(file,"%s",objString); fclose(file); return 0;};

int writeOBJ(struct quadPolygon myPoly)
    {
    char objString[] = "# plane def\n";  writeLine(objString);

    snprintf(objString, 128, "v %f %f %f \n", myPoly.vert1.x, myPoly.vert1.y, myPoly.vert1.z);  writeLine(objString);
    snprintf(objString, 128, "v %f %f %f \n", myPoly.vert2.x, myPoly.vert2.y, myPoly.vert2.z);  writeLine(objString);
    snprintf(objString, 128, "v %f %f %f \n", myPoly.vert3.x, myPoly.vert3.y, myPoly.vert3.z);  writeLine(objString);
    snprintf(objString, 128, "v %f %f %f \n", myPoly.vert4.x, myPoly.vert4.y, myPoly.vert4.z);  writeLine(objString);

    char objStringSmooth[] = "s off\n";  writeLine(objStringSmooth);
    char objStringFace[] = "f 1 2 3 4\n";  writeLine(objStringFace);
    return 0;
    };

int main()
{
    struct quadPolygon myPoly1 =
    {
    .vert1.x=1.0, .vert1.y=-1.0, .vert1.z=0.0,
    .vert2.x=1.0, .vert2.y=1.0, .vert2.z=0.0,
    .vert3.x=-1.0, .vert3.y=1.0, .vert3.z=0.0,
    .vert4.x=-1.0, .vert4.y=-1.0, .vert4.z=0.0
    };
    writeOBJ(myPoly1);
    return 0;
};

Why is the stack smashing and how could I change my code to avoid this? Is this related to using pointers incorrectly in the code above? I'm a little new to C as you can probably tell, but have some programming experience with other languages.

I have read that "Stack Smashing is actually a protection mechanism used by gcc to detect buffer overflow attacks" and "It means that you wrote to some variables on the stack in an illegal way, most likely as the result of a Buffer overflow".

Thank you for any responses/answers.

Update - Based on Evan's comment, here is revised code that works. Perhaps this may help someone else.

#include<stdio.h>

struct point3
    {float x, y, z;};

struct quadPolygon
    {struct point3 vert1, vert2, vert3, vert4;};

int writeOBJ(struct quadPolygon myPoly)
    {
    FILE *file; file = fopen("aPlane.obj","a+");
    fprintf(file,"%s","# plane def\n");
    char objString[128];
    snprintf(objString, sizeof(objString), "v %f %f %f \n", myPoly.vert1.x, myPoly.vert1.y, myPoly.vert1.z);
        fprintf(file,"%s",objString);
    snprintf(objString, sizeof(objString), "v %f %f %f \n", myPoly.vert2.x, myPoly.vert2.y, myPoly.vert2.z);
        fprintf(file,"%s",objString);
    snprintf(objString, sizeof(objString), "v %f %f %f \n", myPoly.vert3.x, myPoly.vert3.y, myPoly.vert3.z);
        fprintf(file,"%s",objString);
    snprintf(objString, sizeof(objString), "v %f %f %f \n", myPoly.vert4.x, myPoly.vert4.y, myPoly.vert4.z);
        fprintf(file,"%s",objString);
    char objStringSmooth[] = "s off\n";
        fprintf(file,"%s",objStringSmooth);
    char objStringFace[] = "f 1 2 3 4\n";
        fprintf(file,"%s",objStringFace);
    fclose(file);
    return 0;
    };

int main()
    {
    struct quadPolygon myPoly1 =
        {
        .vert1.x=1.0, .vert1.y=-1.0, .vert1.z=0.0,
        .vert2.x=1.0, .vert2.y=1.0, .vert2.z=0.0,
        .vert3.x=-1.0, .vert3.y=1.0, .vert3.z=0.0,
        .vert4.x=-1.0, .vert4.y=-1.0, .vert4.z=0.0
        };

    writeOBJ(myPoly1);
    return 0;
    };

Thanks again everyone.

Improve this question
1
  • If you fib to your compiler, it will get its own back on you. Commented May 25, 2012 at 0:27

4 Answers 4

Reset to default
6

This is where your problem is:

char objString[] = "# plane def\n";  writeLine(objString);

snprintf(objString, 128, "v %f %f %f \n", myPoly.vert1.x, myPoly.vert1.y, myPoly.vert1.z);  writeLine(objString);
snprintf(objString, 128, "v %f %f %f \n", myPoly.vert2.x, myPoly.vert2.y, myPoly.vert2.z);  writeLine(objString);
snprintf(objString, 128, "v %f %f %f \n", myPoly.vert3.x, myPoly.vert3.y, myPoly.vert3.z);  writeLine(objString);
snprintf(objString, 128, "v %f %f %f \n", myPoly.vert4.x, myPoly.vert4.y, myPoly.vert4.z);  writeLine(objString);

objString is an array with strlen("# plane def\n") + 1 characters of space. Then you use snprintf on that buffer passing 128 (which is WAY too large).

I would re-write it this way:

writeLine("# plane def\n");

char objString[128]
snprintf(objString, sizeof(objString), "v %f %f %f \n", myPoly.vert1.x, myPoly.vert1.y, myPoly.vert1.z);  writeLine(objString);
snprintf(objString, sizeof(objString), "v %f %f %f \n", myPoly.vert2.x, myPoly.vert2.y, myPoly.vert2.z);  writeLine(objString);
snprintf(objString, sizeof(objString), "v %f %f %f \n", myPoly.vert3.x, myPoly.vert3.y, myPoly.vert3.z);  writeLine(objString);
snprintf(objString, sizeof(objString), "v %f %f %f \n", myPoly.vert4.x, myPoly.vert4.y, myPoly.vert4.z);  writeLine(objString);

SIDE POINT:

Why are you opening and closing the file for every line written? That is incredibly inefficient...

Would be better to open the file once at program start, write all your lines, then close it when finished. This will also make the code simpler.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

you can confirm that you are getting a valid FILE* by fopen..

by explicit check of NULL pointer.

Improve this answer

Comments

0

The problem is with the following line:

char objString[] = "# plane def\n";

This only allocates just enough space for the string "# plane def\n", and later on, you write longer strings into it (using snprintf).

Since you're already using the constant value 128, how about:

char objString[128];
strcpy(objString, "# plane def\n");
writeLine(objString);
/* continue as before */

Note that strcpy can smash the stack too, so make sure the destination has enough space for whatever you're copying in.

Improve this answer

Comments

0

As it is already answered by Evan Teran. But I would like to suggest few ways to detect such problems :

  • Try compiling using gcc -fno-stack-protector stack.c and check whether it still gives you stack smash detected.
  • use -g flag for gnu-debugger. As gcc -g stack.c and then gdb a.out -> run. It will stop execution where it got problem. Then you can type where in gdb to see which line of code is root of the problem.
Improve this answer

1 Comment

Thankyou Peeyush, this gives me new insights into debugging with gcc.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.