diff --git a/src/examples/overflow_jordon.c b/src/examples/overflow_jordon.c
index 786fd3cfe42ecaeef35740c17f40fb7addea3c79..6bb64dea9de4247d87447a0f5e7b0a5bbcd03e49 100644
--- a/src/examples/overflow_jordon.c
+++ b/src/examples/overflow_jordon.c
@@ -2,71 +2,78 @@
 #include <stdio.h>
 #include <string.h>
+// Function to copy a string from src to dst.
 static void stringcopy(char* dst, const char* src)
 {
- while (*src)
- *dst++ = *src++;
- *dst = '\0';
+ while (*src)
+ *dst++ = *src++;
+ *dst = '\0';
 }
+// Function to read a line from standard input into the destination buffer.
 static int getline(char* destination)
 {
- char line[200];
- int i = 0;
- char* dst = destination;
+ char line[200]; // Buffer to hold the input line, limited to 200 characters.
+ int i = 0; // Counter variable to keep track of characters read.
+ char* dst = destination; // Pointer to the destination buffer where the input will be copied.
-//#define DEBUG_CODE
+//#define DEBUG_CODE // If defined, enables debug code for buffer overflow demonstration.
 #ifdef DEBUG_CODE
- int r, c;
- unsigned* ret = (unsigned*)(&dst - 1);
+ int r, c;
+ unsigned* ret = (unsigned*)(&dst - 1); // Pointer to the return address on the stack.
- printf("Return address address: 0x%08x\n", (unsigned)&ret);
- printf("Return address content: 0x%08x\n", *ret);
- printf("Main function address : 0x%08x\n", (unsigned)main);
- printf("Line buffer address : 0x%08x\n", (unsigned)line);
+ printf("Return address address: 0x%08x\n", (unsigned)&ret);
+ printf("Return address content: 0x%08x\n", *ret); // Print the value at the return address.
+ printf("Main function address : 0x%08x\n", (unsigned)main); // Print the address of the main function.
+ printf("Line buffer address : 0x%08x\n", (unsigned)line); // Print the address of the line buffer.
 #endif
- do /* !!! Buffer overflow when i >= 200 !!! */
- {
- if (read(STDIN_FILENO, &line[i], 1) != 1)
- break;
- } while (line[i++] != '\n');
+ // Read characters one by one until a newline character is encountered or the buffer is full.
+ do /* !!! Buffer overflow when i >= 200 !!! */
+ {
+ if (read(STDIN_FILENO, &line[i], 1) != 1)
+ break; // Failed to read the requested number of characters.
+ } while (line[i++] != '\n');
- line[i - 1] = '\0';
+ line[i - 1] = '\0'; // Null-terminate the line at the newline character.
 #ifdef DEBUG_CODE
- for (r = 0; r < 16; ++r)
+ /* hex dump of read data */
+ for (r = 0; r < 16; ++r)
+ {
+ printf("0x%08x: ", (unsigned)&line[16 * r]);
+ for (c = 0; c < 16; ++c)
 {
- printf("0x%08x: ", (unsigned)&line[16 * r]);
- for (c = 0; c < 16; ++c)
- {
- int code = line[16 * r + c] & 0xff;
- printf("\\x%02x", code);
- }
- printf("\n");
+ int code = line[16 * r + c] & 0xff;
+ printf("\\x%02x", code); // Print the characters in hexadecimal format.
 }
+ printf("\n");
+ }
- printf("Return address content: 0x%08x\n", *ret);
+ printf("Return address content: 0x%08x\n", *ret);
 #endif
- stringcopy(dst, line);
+ // Copy the contents of the line buffer to the destination buffer (potential buffer overflow!).
+ stringcopy(dst, line);
- return (strlen(line) > 1);
+ return (strlen(line) > 1); // Return 1 if the line has more than one character, otherwise 0.
 }
+// Main function to echo every line entered by the user to the screen.
 int main(void)
 {
- char msg[2000];
- char quote = '"';
- char endl = '\n';
+ char msg[2000]; // Buffer to hold the message entered by the user.
+ char quote = '"';
+ char endl = '\n';
- while (getline(msg))
- {
- write(STDOUT_FILENO, "e, 1);
- write(STDOUT_FILENO, msg, strlen(msg));
- write(STDOUT_FILENO, "e, 1);
- write(STDOUT_FILENO, &endl, 1);
- }
+ // Infinite loop to keep reading lines and echoing them until the program is terminated.
+ while (getline(msg))
+ {
+ write(STDOUT_FILENO, "e, 1); // Write a double quote to the standard output.
+ write(STDOUT_FILENO, msg, strlen(msg)); // Write the message to the standard output.
+ write(STDOUT_FILENO, "e, 1); // Write another double quote to the standard output.
+ write(STDOUT_FILENO, &endl, 1); // Write a newline character to the standard output.
+ }
- return 0;
-}
+ return 0;
+}
\ No newline at end of file
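Review bot: The comment added above the `do` loop in getline says reading stops "when a newline character is encountered or the buffer is full", but the loop only stops on a newline or a failed read() and never compares `i` against the size of `line`; since the missing bound is exactly what the retained `!!! Buffer overflow when i >= 200 !!!` marker documents, the new comment contradicts the example it is meant to explain and should read `// Read one byte at a time until a newline is read or read() fails; nothing stops i from reaching 200 (the demonstrated overflow).`. The comment on `line[i - 1] = '\0'` is likewise only right on the newline path: when the loop exits via `break`, `i` was not incremented, so the last byte read is overwritten rather than a newline, and with `i == 0` (read() failing on the first byte) the store lands before the array; a comment such as `// Replace the trailing newline; on the read() failure path this drops the last byte read, and with i == 0 writes before the array.` would keep the demo honest. In main, "Infinite loop ... until the program is terminated" is inaccurate as well, because the loop ends as soon as getline returns 0, i.e. on an empty line or at EOF; `// Echo lines until getline() reports a line of at most one character (empty line or EOF).` states what the code does. The old/new gutter and 13 blank context lines were lost when this hunk was collapsed, so the re-split above restores line breaks only, not the original indentation.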