how setbuf is working in c program

Jonathan Neuschäfer j.neuschaefer at gmx.net
Mon Jun 6 11:24:48 EDT 2011


On Mon, Jun 06, 2011 at 08:05:31PM +0530, Prabhu wrote:
> Hi all,
> 
> I am writing a user-space driver. My intention is to print whatever
> string I enter into the terminal.
> 
> Here I am using the setbuf function to send the data to print after
> some fixed string length.
> 
> I wrote the program below to understand setbuf functionality. But I am
> getting unpredictable results for some output. Can anyone explain
> why I am getting these results?
> 
> root at desktop:/home/prabhu# cat a.c
> #include <stdio.h>
> main()
> {
> char buff2[]= "hello world";
> char buf1[6]="";

From the manpage:

	You must make sure that the space that buf points to still
	exists by the time stream is closed, which also happens at
	program termination.  For example, the following is invalid:

	#include <stdio.h>

	int main(void)
	{
		char buf[BUFSIZ];
		setbuf(stdin, buf);
		printf("Hello, world!\n");
		return 0;
	}


In addition, setbuf assumes the buffer to be BUFSIZ big.

> setbuf(stdin, buf1);
> getchar();
> printf ("%s",buf1);

Do you really want to print buf1 here?

> }
> 
> 
> root at desktop:/home/prabhu# cc a.c
[ don't shoot yourself in the foot, root ]
> root at desktop:/home/prabhu# ./a.out
> a
> a
> root at desktop:/home/prabhu# ./a.out
> aa
> aa
> root at desktop:/home/prabhu# ./a.out
> aaa
> aaa

Here you're just lucky you found some zeros on the stack. You generally
_cannot_ predict what you will find on the stack, if you didn't write to
it in the same function (or a function called by it).

(buf1 now contains {'a', 'a', 'a', '\n', zero, something_likely_zero})

> root at desktop:/home/prabhu# ./a.out
> aaaa
> aaaa
> root at desktop:/home/prabhu# ./a.out
> aaaaa
> aaaaa
> hello worldroot at desktop:/home/prabhu# ./a.out

You seem to have a stack layout like this:
  [ buf1 ] [ buf2       ]

stdio now tries to write "aaaaa\n" (without null-termination) into buf1.
printf sees this: "aaaaa\nhello world\0", and, of course, prints everything
up to the \0.

Btw, your program has severe security vulnerabilities; try feeding it long
(> 18 chars) strings or strings containing printf format specifiers :-).

> aaaaaa
> aaaaaa
> ello worldroot at desktop:/home/prabhu# ./a.out
> aaaaaaa
> aaaaaaa
> llo worldroot at desktop:/home/prabhu# ./a.out
> aaaaaaaa
> aaaaaaaa
> lo worldroot at desktop:/home/prabhu# ./a.out
> aaaaaaaaa
> aaaaaaaaa
> o worldroot at desktop:/home/prabhu# ./a.out
> aaaaaaaaaa
> aaaaaaaaaa
>  worldroot at desktop:/home/prabhu# ./a.out
> aaaaaaaaaaa
> aaaaaaaaaaa

Thanks / HTH,
	Jonathan Neuschäfer
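A corrected counterpart of the program discussed above, as an added example that is neither the poster's nor Jonathan's code: the stdio buffer is static and BUFSIZ bytes, so it outlives the stream; the line is read with fgets into a separate bounded array that is always NUL-terminated, and the input is printed as data rather than as the format string. The helper names read_line and read_line_from_string are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Storage handed to stdio must outlive the stream (it is flushed at exit),
 * so it is static and BUFSIZ bytes, not a 6-byte local that dies with main(). */
static char stdin_buf[BUFSIZ];

/* Read one line from `in` into dst (cap bytes, including the NUL).
 * Returns the stored length, or -1 on EOF/error. A line longer than
 * cap-1 bytes is cut at cap-1 and the remainder is discarded, so the
 * result is always NUL-terminated and never spills past dst. */
int read_line(FILE *in, char *dst, size_t cap)
{
    if (cap == 0 || fgets(dst, (int)cap, in) == NULL)
        return -1;
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[--len] = '\0';                  /* drop the newline */
    } else if (len == cap - 1) {
        int c;                              /* drain the cut-off tail */
        while ((c = getc(in)) != EOF && c != '\n')
            ;
    }
    return (int)len;
}

/* Run read_line over a constructed string via a temporary file, so the
 * behaviour can be checked without typing at a terminal. */
int read_line_from_string(const char *text, char *dst, size_t cap)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return -1;
    fputs(text, f);
    rewind(f);
    int n = read_line(f, dst, cap);
    fclose(f);
    return n;
}

int main(void)
{
    char line[6];                           /* as small as the poster's buf1 */
    /* Full-size, static stdio buffer; must be set before the first read. */
    setvbuf(stdin, stdin_buf, _IOFBF, sizeof stdin_buf);
    if (read_line(stdin, line, sizeof line) < 0)
        return 1;
    printf("%s\n", line);                   /* input is data, never the format */
    return 0;
}
```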
