Question Authors' Forum

no consequences of array boundary violation

Picture of Richard Lobb
Re: no consequences of array boundary violation
by Richard Lobb - Friday, 20 November 2015, 8:46 PM

Hi Jesko

I looked further into why the stack smashing detection seems to disappear when you reduce the size of your char arrays to 2 or 3. If I look at the generated code, it seems the gcc compiler stops inserting the stack-smashing detection code when you reduce the size of the arrays below 4.

I was so puzzled by this that I emailed when of the staff members here, Michael Hayes, who once worked on the gcc compiler. He checked the gcc source code and discovered a bit of code that explicitly turns off stack-smashing detection when arrays fit within a single integer. Why they do that is anybody's guess. A gcc bug, perhaps?

Nothing to do with CodeRunner, but interesting, eh?!

Certainly your lab advisers need to make students very aware of buffer-overflow risks, and also problems arising from uninitialised variables. That's part of the "fun" of learning C. Uninitialised variable problems are particularly common when testing C functions in CodeRunner as the default C_function question type tries to package all the test cases into a single run using the combinator template. The student's function thus gets called repeatedly in the same run, so if they don't explicitly initialise their variables their code breaks. An excellent lesson for them, but I do get a bit sick of their telling me "my code works fine when I run it on my machine".

Of course, you could turn off the combinator template, but that just hides the problem, which could still occur even if the function were called only once. It's better to highlight the issue, I think.