Segmentation Fault – a not so mysterious one

Recently I joined a Free Code Camp meeting and, after some chatting, introductions and so on, I brought up a problem I had with an old C program of mine.

I said it is quite old, and some months ago I changed my Ubuntu version from 12.04 LTS, which I think is Precise Pangolin, to 14.04 LTS or something called T* Tahr. Some friend of a friend told me to get rid of Unity, which I did because my old laptop had no hardware support for it. (There is Xfce and others, but that's another story.)

So, chatty as I was, I told them a real "horror" story: the program was steganographic and I used it to retrieve the password for my netbanking account. It needs a key and the correct parameters to work; otherwise it just prints an error. It works by manipulating the color palette in a GIF file, because GIF does not have any checksums.

The friendly hacker told me he had not worked with C for quite an eternity, but he tried his best: he used commands like dmesg after compiling and running it, and told me it was something in libc, probably the file pointer, and that generally it would be better to recode it in another language since I know so many.

Well, the next day I tried to repair the program. I even planned to put this mysterious segmentation fault program on GitHub, and felt proud of having discovered a new bug in a newer Ubuntu version, maybe a kernel error... well, I found the error and it was not quite what I expected.

First, after testing the code line by line again, the error was not the file pointer. It printed an error when used in a later part of the program, but I moved it to the beginning, read all 1024 bytes into an array, and still got an error.

I found the error and it was trivial.

I think I should present the code first.

#include <stdio.h>
#include <stdlib.h>

int main(int argc, char *arg[])
{
    unsigned int i, j, k, v, x;
    unsigned char y[8], c, cc;           /* y: the key expanded to '0'/'1' digits */
    unsigned char t[67] = "+ABCDEFGHIJKLMNOPQRSTUVWXYZ01234+abcdefghijklmnopqrstuvwxyz56789++";
    char name[32];
    unsigned char f[2048] = "dfjlasjdflasjdflkajsldfkjaslkdfjlaskjdf";   /* stands in for the file data */
    unsigned char p[16] = "pass";        /* the key */
    printf("hello\n");

    i = 0;
    name[0] = 'a'; name[1] = 0;

    printf("%s\n", name);

    for (i = 0; i < 1024; ++i) { f[i] = 'a'; }

    /* expand each key character into six binary digits, most significant bit first */
    i = 0;
    while (p[i] != 0) {
        c = p[i];

        if ((c >= '0') && (c <= '4')) { c = c - '0'; c = c + 1 * 16; c = c + 11; }
        if ((c >= '5') && (c <= '9')) { c = c - '0'; c = c + 3 * 16; c = c + 6; }

        y[i * 6]     = ((c & 32) / 32) + '0'; y[i * 6 + 1] = ((c & 16) / 16) + '0';
        y[i * 6 + 2] = ((c & 8) / 8) + '0';   y[i * 6 + 3] = ((c & 4) / 4) + '0';
        y[i * 6 + 4] = ((c & 2) / 2) + '0';   y[i * 6 + 5] = (c & 1) + '0';
        ++i;
    }
    y[i * 6] = 0;

    /* walk the palette region, XOR the low bit of each byte with the key digits
       and collect six bits at a time into an index into t */
    i = 0; j = 0; k = 0; v = 32;
    while (i < 1024) {
        c = f[i];
        if ((i > 16) && (i < (16 + 2 * 256))) {
            cc = y[j % 24]; cc = cc - '0';
            x = c; x = x & 1; x = x ^ cc;

            if (x == 1) { k = k + v; }
            if (v == 1) {
                /* printf("%02x-%c ", k, t[k % 64]); */
                printf("%c", t[k % 64]);
                k = 0; v = 64;
            }
            v = v / 2;
            ++j;
        }
        ++i;
    }

    printf("\n\n");
    return 0;
}

In the while loop "while(p[i]!=0)" there is an array y. The p array is 16 bytes, while the y array is only 8 bytes, and in the loop I even write y[i*6]. For the four-character key "pass" that store reaches y[24], far past the end of the array. So it was a miracle it did not blow up earlier.
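As an added example (my code, not the program from the post), this isolates the key-to-digit expansion and adds the size check the original y[8] lacked: it computes how many bytes the expansion needs (six per key character plus the terminating NUL) and refuses to write when the destination is too small. The names bitstring_size, key_to_bitstring and map_key_char are mine; the bit order and digit remapping follow the code above.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* The post's encoder emits six '0'/'1' digits per key character. */
#define BITS_PER_CHAR 6

/* Same remapping of '0'..'9' that the original applies before splitting bits. */
static unsigned char map_key_char(unsigned char c)
{
    if (c >= '0' && c <= '4') c = (unsigned char)(c - '0' + 1 * 16 + 11);
    else if (c >= '5' && c <= '9') c = (unsigned char)(c - '0' + 3 * 16 + 6);
    return c;
}

/* Bytes the digit string needs, including the terminating NUL:
 * for "pass" this is 4 * 6 + 1 = 25, which is why y[8] overflows. */
size_t bitstring_size(const char *key)
{
    return strlen(key) * BITS_PER_CHAR + 1;
}

/* Expand key into a '0'/'1' string in out. Returns the digits written
 * (excluding the NUL), or 0 if out cannot hold the whole expansion. */
size_t key_to_bitstring(const char *key, char *out, size_t out_len)
{
    if (out_len < bitstring_size(key)) return 0;   /* the missing bounds check */
    size_t n = 0;
    for (size_t i = 0; key[i] != 0; ++i) {
        unsigned char c = map_key_char((unsigned char)key[i]);
        for (int b = BITS_PER_CHAR - 1; b >= 0; --b)   /* bit 5 first, like y[i*6] */
            out[n++] = (char)('0' + ((c >> b) & 1));
    }
    out[n] = 0;
    return n;
}

int main(void)
{
    char small[8];    /* the size the original used */
    char big[128];
    printf("\"pass\" needs %zu bytes\n", bitstring_size("pass"));
    printf("into an 8-byte buffer: %zu digits written\n",
           key_to_bitstring("pass", small, sizeof small));
    printf("into a 128-byte buffer: %zu digits written -> %s\n",
           key_to_bitstring("pass", big, sizeof big), big);
    return 0;
}
```

Building the original with gcc -fsanitize=address -g would also have named the out-of-bounds stack write on y at the first store past index 7, rather than leaving only a segmentation fault to puzzle over.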
