Crash the Standard I/O Library

Audience: Beginning C programming students

Objectives

  1. Students will see that vendor-supplied libraries and programs may not be robust
  2. Students will learn how to test libraries for incorrectness and non-robustness

Exercise

Please write three programs that use functions from the standard I/O library. You are to call the functions in such a way that they cause the program to crash, or generate unpredictable results. To demonstrate crashing, use output from gdb(1) to show that the crash occurred within the standard I/O library. To demonstrate unpredictable results, run your program without changes on at least two different types of computers in the student laboratories. Note that you must supply the correct type of argument for the function. You may not, for example, pass in a character pointer when a file pointer is expected.

Discussion questions

  1. What happens if you pass the wrong type of argument to the library?
  2. What other libraries might be vulnerable to this type of testing?
  3. What types of arguments are most susceptible to attack?