13.7.1 Simple C program (gcc)
A simple example to compile example.c with a library libm into an executable run_example:
$ cat > example.c << EOF
#include <stdio.h>
#include <math.h>
#include <string.h>
int main(int argc, char **argv, char **envp){
    double x;
    char y[11];
    x=sqrt(argc+7.5);
    strncpy(y, argv[0], 10); /* prevent buffer overflow */
    y[10] = '\0'; /* fill to make sure string ends with '\0' */
    printf("%5i, %5.3f, %10s, %10s\n", argc, x, y, argv[1]);
    return 0;
}
EOF
$ gcc -Wall -g -o run_example example.c -lm
$ ./run_example
1, 2.915, ./run_exam, (null)
$ ./run_example 1234567890qwerty
2, 3.082, ./run_exam, 1234567890qwerty
Here, -lm is needed to link library libm for sqrt(). The actual library is in /lib/ with filename libm.so.6, which is a symlink to libm-2.1.3.so.
Look at the last parameter in the output text. There are more than 10
characters even though %10s is specified, because the number in %10s sets
only a minimum field width.
The use of pointer memory operation functions without boundary checks, such as
sprintf and strcpy, is deprecated to prevent buffer overflow exploits that
leverage the above overrun effects. Instead, use snprintf and strncpy.
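The following is an added example, not part of the original text. It shows the two bounded-copy patterns recommended above with truncation detection, and the difference between %10s and %.10s. The function names are hypothetical and the inputs are constructed to match the sample run.

```c
#include <stdio.h>
#include <string.h>

/* strncpy() pattern from the page: copy at most cap-1 bytes, then terminate
 * by hand. Returns 1 if src was truncated, 0 if it fit. */
int copy_strncpy(char *dst, size_t cap, const char *src)
{
    if (cap == 0)
        return 1;
    strncpy(dst, src, cap - 1);  /* leaves dst unterminated if src is too long */
    dst[cap - 1] = '\0';
    return strlen(src) >= cap;
}

/* snprintf() always terminates (cap > 0) and returns the length the full
 * output would have had, so truncation is detectable from the result. */
int copy_snprintf(char *dst, size_t cap, const char *src)
{
    int n = snprintf(dst, cap, "%s", src);
    return n < 0 || (size_t)n >= cap;
}

/* Output length under "%10s" (10 is a minimum field width). */
int len_min_width(const char *arg) { return snprintf(NULL, 0, "%10s", arg); }

/* Output length under "%.10s" (10 is a maximum, set by the precision). */
int len_max_width(const char *arg) { return snprintf(NULL, 0, "%.10s", arg); }

int main(void)
{
    /* Constructed inputs matching the page's sample run. */
    const char *prog = "./run_example";
    const char *arg = "1234567890qwerty";
    char y[11];
    int cut;

    cut = copy_strncpy(y, sizeof y, prog);
    printf("strncpy : \"%s\" truncated=%d\n", y, cut);
    cut = copy_snprintf(y, sizeof y, arg);
    printf("snprintf: \"%s\" truncated=%d\n", y, cut);
    printf("%%10s emits %d chars, %%.10s emits %d chars\n",
           len_min_width(arg), len_max_width(arg));
    return 0;
}
```

Checking the truncation result lets a caller reject oversized input instead of silently working with a shortened string.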