Let me try to clarify. GCC allocates more than 512 bytes:

0x080483a7 <func+3>: sub $0x208,%esp

0x208 = 520 in this case.

Where are those extra 8 bytes? They're in between what gcc is considering the start of buf, &buf[0], and %esp (the top of the stack). I'm considering those extra 8 bytes to be the "padding". buf[0] is at 0xfffffe00(%ebp) [ -512(%ebp) ]. I would prefer that gcc started buf at 0xfffffdf8(%ebp), leaving those 8 bytes in between buf[511] and the saved frame pointer *(%ebp) instead. If the padding is there anyway, I would prefer it was used to improve security, as gcc 3 used to.

On 1/25/07, Denis Vlasenko <[EMAIL PROTECTED]> wrote:
On Thursday 25 January 2007 01:43, In Cognito wrote:
> > > 0x080483a7 <func+3>: sub $0x208,%esp
> > > 0x080483ad <func+9>: mov 0x8(%ebp),%eax
> > > 0x080483b0 <func+12>: mov %eax,0x4(%esp)
> > > 0x080483b4 <func+16>: lea 0xfffffe00(%ebp),%eax
> > > 0x080483ba <func+22>: mov %eax,(%esp)
> > > 0x080483bd <func+25>: call 0x80482e8 <[EMAIL PROTECTED]>
> > > 0x080483c2 <func+30>: leave
> > > 0x080483c3 <func+31>: ret
> > >
> > > 0x208 = 520 bytes; alright padding can be useful
> > > 0xfffffe00(%ebp) = -512 + ebp.
> >
> > What padding? It's a place for strcpy parameters...
>
> char buf[512]
> sub $0x208,%esp
> 0x208 = 520 bytes allocated on the stack. there are 8 extra bytes
> between %esp and buf[0].

Exactly. Two 32-bit stack slots. And look for what these two stack slots are used:

> > > 0x080483ad <func+9>: mov 0x8(%ebp),%eax
> > > 0x080483b0 <func+12>: mov %eax,0x4(%esp)
[esp+4] = b
> > > 0x080483b4 <func+16>: lea 0xfffffe00(%ebp),%eax
> > > 0x080483ba <func+22>: mov %eax,(%esp)
[esp] = &buf
> > > 0x080483bd <func+25>: call 0x80482e8 <[EMAIL PROTECTED]>
call strcpy

This is it. strcpy will see them on stack as parameters. It isn't padding.
--
vda
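The frame arithmetic both posters are doing by hand, written out as an added C example (not code from either message or from gcc). frame_layout() takes the three numbers that appear in the listing (the sub $0x208,%esp immediate, the -512(%ebp) displacement of buf, and sizeof buf) and splits the frame into the space below buf[0], which on i386 is where a callee such as strcpy reads its two parameters from, and the space between the end of buf and the saved %ebp. Run with the listing's values it reports 8 bytes below and 0 above; moved to -520(%ebp) in the same 520-byte frame, as the first message asks for, it reports 0 below and 8 above, which is exactly why those 8 bytes cannot be spare: nothing would be left for the strcpy argument slots. probe_gap() is a hypothetical helper that builds a frame shaped like func() on whatever compiler compiles the file and reports the measured distance from &buf[0] to __builtin_frame_address(0) (a GCC/Clang builtin), so a reader can check where the slack lands on their own toolchain; that value depends on ABI, compiler version and options (a -fstack-protector canary sits in that gap, and AArch64 keeps its frame record at the bottom of the frame), so it is printed for inspection rather than asserted.

```c
#include <stdio.h>
#include <string.h>

/* Frame-layout arithmetic for an i386 frame like the one in the listing.
 * frame_bytes: immediate of "sub $N,%esp"            (0x208 = 520 here)
 * buf_off:     displacement of buf in "lea OFF(%ebp)" (-512 here)
 * buf_len:     sizeof buf                              (512 here)
 * below_buf: bytes between %esp and &buf[0]; on i386 this is the outgoing
 *            argument area a call such as strcpy reads its parameters from.
 * above_buf: bytes between the end of buf and the saved %ebp at (%ebp). */
struct layout {
    long below_buf;
    long above_buf;
};

struct layout frame_layout(long frame_bytes, long buf_off, long buf_len)
{
    struct layout l;
    long buf_start = -buf_off;            /* bytes from %ebp down to &buf[0] */
    l.below_buf = frame_bytes - buf_start;
    l.above_buf = buf_start - buf_len;
    return l;
}

/* Live probe (hypothetical helper, not from the thread): a frame shaped like
 * func() -- char buf[512] plus a strcpy call -- as laid out by the compiler
 * building this file. Returns the byte distance from &buf[0] to the address
 * __builtin_frame_address(0) yields. On x86 with a frame pointer that is the
 * saved %ebp/%rbp slot, so any excess over 512 is what sits between the end
 * of buf and the saved frame pointer (e.g. a stack-protector canary). Other
 * ABIs place the frame record elsewhere (AArch64 keeps it at the bottom of
 * the frame), so the value is for inspection, not something to pin down.
 * Returns -1 when src would not fit, so the copy itself can never overrun. */
__attribute__((noinline)) long probe_gap(const char *src)
{
    char buf[512];
    volatile char keep;                   /* keeps buf live under optimisation */

    if (strlen(src) >= sizeof buf)
        return -1;
    strcpy(buf, src);                     /* the call analysed in the thread */
    keep = buf[0];
    (void)keep;
    return (long)((char *)__builtin_frame_address(0) - buf);
}

int main(void)
{
    struct layout as_emitted = frame_layout(520, -512, 512);  /* the listing */
    struct layout moved_down = frame_layout(520, -520, 512);  /* buf at -520(%ebp) */

    printf("listing      : %ld bytes below buf (strcpy arg slots), %ld above buf\n",
           as_emitted.below_buf, as_emitted.above_buf);
    printf("buf at -520  : %ld bytes below buf, %ld above buf (before saved ebp)\n",
           moved_down.below_buf, moved_down.above_buf);
    printf("this compiler: &buf[0] is %ld bytes below __builtin_frame_address(0)\n",
           probe_gap("hello"));
    return 0;
}
```

Build it with -O0 and again with -O2 -fstack-protector to see the measured gap change while the i386 arithmetic, which depends only on the three listing values, stays the same.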