
Could someone explain why my strcat is doing this?

I can't seem to find out why I am overwriting part of the source string.

The output is like this: New String: HelloThis shall be after my backslash 0 in str1h 0 in str1

    global  strcat
    extern  strlen

strcat:

    push    ebp
    mov     ebp, esp
    push    ecx
    push    esi
    push    edi
    push    ebx
    push    edx
    xor     edx, edx
    xor     edi, edi
    xor     ebx, ebx
    xor     esi, esi
    xor     ecx, ecx
    mov     edi, [ebp + 8]          ; edi = dest (first argument)
    mov     esi, [ebp + 12]         ; esi = src (second argument)
    push    edi
    call    strlen
    pop     edi
    mov     ecx, eax                ; ecx = strlen(dest): index of dest's terminator
    xor     eax, eax
    push    esi
    call    strlen
    pop     esi
    mov     ebx, eax                ; ebx = strlen(src)
    xor     eax, eax                ; eax = 0: index into src
    cmp     [edi + ecx], byte 0b    ; dest[ecx] must be the terminating 0
    je      PUT_LINE
    jmp     FINALIZE_END

PUT_LINE:

    cmp     ebx, eax                ; all strlen(src) bytes copied?
    je      END
    mov     dl, [esi + eax]         ; dest[ecx] = src[eax]
    mov     [edi + ecx], dl
    xor     edx, edx
    inc     eax
    inc     ecx
    jmp     PUT_LINE

END:
                                    ; no terminating 0 is written to dest[ecx] here
    mov     eax, [ebp + 8]          ; return dest
    jmp     FINALIZE_END

FINALIZE_END:

    pop     edx
    pop     ebx
    pop     edi
    pop     esi
    pop     ecx
    mov     esp, ebp
    pop     ebp
    ret

    #include <stdio.h>
    #include <string.h>

    /* strcat resolves to the assembly routine above when both are linked together */
    int     main(int argc, char** argv)
    {
            (void)argc;
            (void)argv;
            char*   str1;
            char*   str2;

            str1 = strdup("Hello");

            str2 = strdup("This shall be after my backslash 0 in str1");
            printf("New String : %s\n", strcat(str1, str2));
            return (0);
    }


Abdellah IDRISSI
    Sorry, I just resolved it, It seems like Printf looks for a \0 too, but because I didn't set a \0 at the end of the destination string, it then overflowed. END: mov [edi + ecx], byte 0b mov eax, [ebp + 8] jmp FINALIZE_END – Abdellah IDRISSI Mar 10 '12 at 12:33
  • Zeroing out registers before you load into them kinda defeats the purpose of writing asm... – R.. GitHub STOP HELPING ICE Mar 10 '12 at 12:39
  • I was just trying to avoid having issues whether I was to use 8 bits or 16 bits, and guess it gotten to be a bad habit, but thanks for the indirect advice. – Abdellah IDRISSI Mar 10 '12 at 12:44
  • It also looks like most of the registers you're saving and restoring don't need to be saved or restored. On the standard x86 ABI at least, only ebp, esi, edi, and ebx are callee-saved, and if you don't use them, there's no need to save them. There's also no need to set up a frame pointer in ebp; just use esp-relative addressing. Until you make changes like this, your `strcat` is almost sure to be a lot slower than the standard one on short strings due to high entry/exit overhead. Of course even if you optimize it well, it probably still won't be faster, but at least you learn some good tricks. – R.. GitHub STOP HELPING ICE Mar 10 '12 at 12:58

1 Answer


strcat() appends the characters from one string to another string. The target string is modified. So strcat(str1, str2) modifies str1 to also contain the contents of str2.

Since not enough memory is allocated for str1 to contain the characters from both strings, this leads to an overflow.

sth
  • Thanks for that, You made me realize I was simply perfuming the issue with a \0. – Abdellah IDRISSI Mar 10 '12 at 12:51
  • Yes thank you for this. But how do you increase the memory then for str1? – fIwJlxSzApHEZIl May 05 '12 at 08:39
  • You must not increase it. Since strcat() only appends the characters from one string to another, what you can do is, before using strcat(), be aware of the space you need and allocate it properly in order to avoid overflowing. For further information: http://linux.die.net/man/3/strcat – Abdellah IDRISSI May 12 '12 at 13:41
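The thread arrives at two separate points: the assembly routine never writes the terminating `\0` (the asker's own comment under the question), and `str1` from `strdup("Hello")` has room for six bytes, so any append overflows it (the answer and the last comment above). The following C is an added example, not code from the question or the answer, that shows both fixes side by side. The names `concat_alloc`, `strcat_checked`, `strcat_loop` and the `*_equals` helpers are this example's own; `concat_alloc` sizes the destination the way the last comment recommends, `strcat_checked` refuses an append that would not fit instead of overflowing, and `strcat_loop` is the question's copy loop in C with the terminator written at the end.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size the destination first: allocate strlen(a) + strlen(b) + 1 bytes and
 * return a new string holding a followed by b (NULL on allocation failure).
 * The caller frees the result. Example code, not from the thread. */
char *concat_alloc(const char *a, const char *b)
{
    size_t la = strlen(a);
    size_t lb = strlen(b);
    char *out = malloc(la + lb + 1);      /* +1 for the terminating '\0' */
    if (out == NULL)
        return NULL;
    memcpy(out, a, la);
    memcpy(out + la, b, lb + 1);          /* lb + 1 copies b's '\0' as well */
    return out;
}

/* Bounded append: return 0 instead of writing past dest_size.
 * dest must already be a '\0'-terminated string inside the buffer. */
int strcat_checked(char *dest, size_t dest_size, const char *src)
{
    size_t ld = strlen(dest);
    size_t ls = strlen(src);
    if (ld >= dest_size || ls + 1 > dest_size - ld)   /* no overflowing sum */
        return 0;
    memcpy(dest + ld, src, ls + 1);
    return 1;
}

/* The copy loop from the question's assembly, in C, plus the step the
 * asker added afterwards: write the terminator after the last copied byte. */
char *strcat_loop(char *dest, const char *src)
{
    size_t i = strlen(dest);              /* index of dest's '\0' (ecx in the asm) */
    size_t j = 0;                         /* index into src (eax in the asm) */
    while (src[j] != '\0')
        dest[i++] = src[j++];
    dest[i] = '\0';                       /* without this, printf keeps reading past the copy */
    return dest;
}

/* Helpers that return a result instead of printing it. */
int concat_equals(const char *a, const char *b, const char *expected)
{
    char *p = concat_alloc(a, b);
    int eq = p != NULL && strcmp(p, expected) == 0;
    free(p);
    return eq;
}

/* Append src to "Hello" in an 8-byte buffer: 1 if accepted and the result
 * equals expected, 0 if strcat_checked refused because it would not fit. */
int checked_equals(const char *src, const char *expected)
{
    char buf[8] = "Hello";
    if (!strcat_checked(buf, sizeof buf, src))
        return 0;
    return strcmp(buf, expected) == 0;
}

int loop_equals(const char *a, const char *b, const char *expected)
{
    char buf[64];
    if (strlen(a) + strlen(b) + 1 > sizeof buf)
        return 0;
    strcpy(buf, a);
    return strcmp(strcat_loop(buf, b), expected) == 0;
}

/* The question's main(), redone with a destination that is large enough. */
int main(void)
{
    const char *str1 = "Hello";
    const char *str2 = "This shall be after my backslash 0 in str1";
    char *joined = concat_alloc(str1, str2);
    if (joined == NULL)
        return 1;
    printf("New String : %s\n", joined);
    free(joined);

    char small[8] = "Hello";              /* same situation as strdup("Hello") */
    printf("append into 8-byte buffer: %s\n",
           strcat_checked(small, sizeof small, str2) ? "ok" : "refused");
    return 0;
}
```

The second `printf` in `main` reports "refused": the 42-byte `str2` plus its terminator cannot follow "Hello" in eight bytes, which is exactly the overflow the answer describes, caught before any byte is written.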