what is stack smashing (C)?

Gonzalez · Nov 4, 2016 · Viewed 38.3k times

Code:

```c
#include <stdio.h>

int str_join(char *a, const char *b) {
    int sz = 0;
    while (*a++) sz++;              /* a now points one past the terminating NUL of the first string */
    char *st = a - 1, c;            /* st points at that NUL */
    *st = (char) 32;                /* overwrite it with a space */
    while ((c = *b++)) *++st = c;   /* copies b with no check on how much room a has */
    *++st = 0;
    return sz;
}
```

....

```c
int main(void) {
    char a[] = "StringA";           /* 8 bytes: 7 characters plus the NUL */
    printf("string-1 length = %d, String a = %s\n", str_join(&a[0], "StringB"), a);
    return 0;
}
```

Output:

string-1 length = 7, char *a = StringA StringB

*** stack smashing detected **** : /T02 terminated

Aborted (core dumped)

I don't understand why it's showing stack smashing. And what is stack smashing? Or is it my compiler's error?

Answer

Sourav Ghosh · Nov 4, 2016

Well, stack smashing, or stack buffer overflow, is a rather detailed topic to be discussed here; you can refer to this wiki article for more info.

Coming to the code shown here, the problem is that your array a is not large enough to hold the final concatenated result.

Thereby, by saying

```c
while ((c = *b++)) *++st = c;
```

you're essentially accessing out-of-bounds memory, which invokes undefined behavior. This is the reason you're getting the "stack smashing" issue: you're trying to access memory which does not belong to your process.

To solve this, you need to make sure that array a contains enough space to hold both the first and second string concatenated together. You have to provide a larger destination array, in short.
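A bounded version of the join, added here as an example (it is not the asker's or the answerer's code), to show what "a larger destination array" has to mean in practice: the function takes the destination's capacity, refuses the write when the result would not fit, and is then called once with the question's 8-byte array and once with a correctly sized buffer. The names str_join_bounded, demo_too_small and demo_sized are my own.

```c
#include <stdio.h>
#include <string.h>

/* Bounded variant of the question's str_join (added example, not the original).
 * Appends a space and b to the string in dst, but only when the result fits in
 * the cap bytes the caller says dst owns. Returns the length of the original
 * dst string, as the original did, or -1 if the write would overflow dst. */
int str_join_bounded(char *dst, size_t cap, const char *b) {
    const char *nul = memchr(dst, '\0', cap);
    if (nul == NULL)                 /* dst is not NUL-terminated within cap */
        return -1;
    size_t len_a = (size_t)(nul - dst);
    size_t len_b = strlen(b);
    /* Needed: len_a + 1 (space) + len_b + 1 (NUL) bytes. Checked as
     * len_b + 2 <= cap - len_a so the size_t arithmetic cannot wrap. */
    if (len_b + 2 > cap - len_a)
        return -1;
    dst[len_a] = ' ';
    memcpy(dst + len_a + 1, b, len_b + 1);   /* copies the terminating NUL too */
    return (int)len_a;
}

/* The question's case: a[] is 8 bytes (7 chars + NUL) and the joined
 * "StringA StringB" needs 16, so the bounded join refuses instead of
 * writing past the array and tripping the stack protector. */
int demo_too_small(void) {
    char a[] = "StringA";                          /* sizeof a == 8 */
    return str_join_bounded(a, sizeof a, "StringB");   /* -1 */
}

/* The fix the answer asks for: a destination sized for the whole result.
 * sizeof "StringA" (8) + 1 (space) + sizeof "StringB" (8) = 17 bytes, one
 * more than the 16 actually needed, so the join succeeds. */
const char *demo_sized(void) {
    static char buf[sizeof "StringA" + 1 + sizeof "StringB"];
    strcpy(buf, "StringA");
    if (str_join_bounded(buf, sizeof buf, "StringB") < 0)
        return NULL;
    return buf;                                    /* "StringA StringB" */
}

int main(void) {
    printf("too small: %d\n", demo_too_small());
    const char *s = demo_sized();
    printf("sized: %s\n", s ? s : "(failed)");
    return 0;
}
```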