CMSC216 HW07: Stack Smashing
- Due: 11:59pm Sun 26-Oct-2025 on Gradescope
- Approximately 0.83% of total grade
CODE DISTRIBUTION: hw07-code.zip
- Download the code distribution
- See further setup instructions below
CHANGELOG: Empty
1 Rationale
Since return addresses for functions are stored in the function call stack, modifying stack data incorrectly can "clobber" return addresses. Historically this has been the target of many computer security problems, notably the class of "buffer overflow attacks" which plagued many sloppily written applications. The prevalence of these problems, combined with the seeming inability of software developers to address them in critical code, led to the development of somewhat automated means to at least detect when manipulations of the stack make it unsafe to continue execution of a program. Modern compilers like GCC insert these "stack protections" when options indicate to do so, which is typically the default behavior. This HW studies these techniques, which report "stack smashing" when they detect it.
Associated Reading / Preparation
Bryant and O'Hallaron: Ch 3.10 on data layout in the stack can provide
insight to the behavior in the smash programs of problem 2.
Grading Policy
Credit for this HW is earned by taking the associated HW Quiz which is
linked under Gradescope. The quiz will ask questions similar to
those that are present in the QUESTIONS.txt file, and those who
complete all answers in QUESTIONS.txt should have no trouble with
the quiz.
Homework and Quizzes are open resource/open collaboration. You must submit your own work but you may freely discuss HW topics with other members of the class.
See the full policies in the course syllabus.
2 Codepack
The codepack for the HW contains the following files:
| File | Description |
|---|---|
| QUESTIONS.txt | Questions to answer |
| smash1.c | Problem 1 erroneous program to analyze |
| smash2.c | Problem 1 erroneous program to analyze |
| smash1_static | Precompiled version of the smash1 program to show stack smashing |
| smash2_static | Precompiled version of the smash2 program |
3 Questions
Analyze the files in the provided codepack and answer the questions
given in QUESTIONS.txt.
_________________
HW 07 QUESTIONS
_________________
Write your answers to the questions below directly in this text file to
prepare for the associated quiz. Credit for the HW is earned by
completing the associated online quiz on Gradescope.
PROBLEM 1: Stack Smashing
=========================
A
~
Examine the obviously flawed code in `smash1.c'.
,----
| // smash1.c: demonstrates problems with the function call stack
| #include <stdio.h>
|
| void fill_seq(int *a);
| void demo();
|
| int main(){
|   printf("About to do the demo\n");
|   demo();
|   printf("Demo Complete\n");
|   return 0;
| }
|
| void demo(){
|   int arr[4];
|
|   fill_seq(arr);
|
|   for(int i=0; i<4; i++){
|     printf("[%d]: %d\n",i,arr[i]);
|   }
| }
|
| #define END 16
| void fill_seq(int *a){
|   for(int i=0; i<END; i++){
|     a[i] = (i+1)*2;
|   }
| }
`----
Identify ahead of time why this program is incorrect and what
memory errors it is committing.
B
~
Use the provided `Makefile' to compile the several programs that are
in the code pack. Note that `smash1.c' is compiled twice with
different compiler options and produces two different programs called
- `smash1_protected'
- `smash1_noprotect'
Run both of these programs and observe their behavior. Speculate as
to WHY there are differences in the errors reported.
C
~
Run both `smash1' programs under Valgrind to give more insight as to
the nature of the errors occurring. Describe in some more detail what
the reported memory problems are in both cases.
D
~
Utilize the `objdump -d' command to disassemble the two compiled
executables that correspond to the two versions of the `smash1'
program. This will show the assembly instructions generated by GCC for
them.
,----
| # show
| >> objdump -d smash1_protected
| smash1_protected: file format elf64-x86-64
| Disassembly of section .text:
| ...
|
| >> objdump -d smash1_noprotect
| smash1_noprotect: file format elf64-x86-64
| Disassembly of section .text:
| ...
`----
Study these two and find where they differ. Note that the only
differences come from the options passed to GCC:
- `-fstack-protector-all' for the protected version (the one that reports stack smashing)
- `-fno-stack-protector' for the other
The output of the disassembly will be somewhat long so it may be
worthwhile to redirect the output into files like this
,----
| >> objdump -d smash1_protected > PROTECTED.txt
| >> objdump -d smash1_noprotect > NOPROTECT.txt
`----
and then analyze the resulting files.
With some care, some obvious differences between these will show up in
the code even if the effects of that code remain a bit
mysterious. Describe those differences. If you are stumped, consult
the textbook, which contains information on this issue in section
3.10.4.
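The following is an added example, not a file from the HW codepack, that models what the protected build's extra instructions in parts B and D accomplish: the prologue stores a guard value (loaded from `%fs:0x28' on x86-64 Linux) just above the local buffer, and the epilogue compares it against the original before `ret', calling `__stack_chk_fail' (which prints the "stack smashing detected" message) on a mismatch. The `struct frame' layout, the guard value, and the saved-register values below are this example's own assumptions, not GCC's exact frame; the fill_seq write is confined to the modelled frame so the program stays well-defined.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of demo()'s stack frame with the stack protector enabled, lowest
 * address first: the local array, the canary that -fstack-protector-all
 * places above local buffers, then the caller's saved data. This ordering
 * is the example's assumption; a real gcc frame may also contain padding
 * and other locals. */
struct frame {
    int      arr[4];      /* demo()'s local array: 16 bytes */
    uint64_t canary;      /* guard copied from %fs:0x28 in the prologue */
    uint64_t saved_rbp;   /* caller's frame pointer */
    uint64_t return_addr; /* address in main() that demo() returns to */
};

struct smash_result {
    bool     canary_intact; /* what the epilogue comparison decides */
    uint64_t return_addr;   /* what `ret` would jump to if not stopped */
};

/* fill_seq() from smash1.c, rewritten over the frame's bytes so the
 * overflow stops at the end of the modelled frame instead of running
 * off into undefined behaviour. */
static void fill_seq_model(unsigned char *base, size_t nbytes, int end)
{
    for (int i = 0; i < end; i++) {
        int v = (i + 1) * 2;
        size_t off = (size_t)i * sizeof v;
        if (off + sizeof v > nbytes)   /* past the modelled frame: stop */
            break;
        memcpy(base + off, &v, sizeof v);
    }
}

/* Runs fill_seq with `end` writes against a fresh frame whose canary is
 * `guard`, then performs the same check gcc emits before `ret`. */
struct smash_result run_smash(int end, uint64_t guard)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.canary      = guard;             /* prologue: guard below saved data */
    f.saved_rbp   = 0x7ffd12345600ULL; /* constructed, plausible-looking */
    f.return_addr = 0x401176ULL;       /* constructed: "main+0x14" */

    fill_seq_model((unsigned char *)&f, sizeof f, end);

    struct smash_result r;
    r.canary_intact = (f.canary == guard); /* mismatch -> __stack_chk_fail */
    r.return_addr   = f.return_addr;
    return r;
}

int main(void)
{
    /* Constructed guard value; glibc zeroes the low byte of the real one. */
    const uint64_t guard = 0x1c2e3f4a5b6c7d00ULL;
    struct smash_result ok  = run_smash(4,  guard);  /* END=4: in bounds */
    struct smash_result bad = run_smash(16, guard);  /* END=16: smash1.c */

    printf("END=4 : canary %s, ret=0x%llx\n",
           ok.canary_intact ? "intact" : "clobbered",
           (unsigned long long)ok.return_addr);
    printf("END=16: canary %s, ret=0x%llx\n",
           bad.canary_intact ? "intact" : "clobbered",
           (unsigned long long)bad.return_addr);
    if (!bad.canary_intact)
        puts("*** stack smashing detected ***: this is where "
             "__stack_chk_fail would abort before the bad ret");
    return 0;
}
```

With END=16 the writes walk through the canary, the saved frame pointer and the return address in turn; the protected build stops at the canary comparison, which is why it aborts with a clear message, while the `-fno-stack-protector' build executes `ret' with the overwritten address and crashes less predictably (the behaviour Valgrind helps untangle in part C).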
E
~
Consider the alternative file `smash2.c'. Note the similarities to
the previous program but also the slight changes in it. Compile and run
this program and report what errors you see. Describe whether the errors
are similar and relate any differences to the changes in the program.
,----
| >> make smash2
| gcc -Wall -g -Og -fstack-protector-all -o smash2 smash2.c
| >> ./smash2
| ...
`----