Julia Evans

Hacker School Day 1: Messing around with the stack in C

Today was the first day of Hacker School. There were tons of amazing people and it was fun and a bit overwhelming.

I paired with Daphne on a shell in C which is called _dash right now. She is fantastic and taught me tons of things about C.

When trying to tokenize strings in our shell, we ran into a super unintuitive bug. Here’s the gist of it:

#include <stdio.h>

void set_strings(char*** strings) {
  /* strs is a local array: it lives in this function's stack frame */
  char* strs[] = {"banana"};
  /* hand the caller the address of that local, which dies when we return */
  *strings = strs;
}

int main() {
  char** strings;
  set_strings(&strings);
  printf("First print: '%s'\n", strings[0]);
  char* s = "abc";  /* anything that touches the stack after the call */
  printf("Second print: '%s'\n", strings[0]);
  return 0;
}

So this looks like normal code that would print “banana” twice. But here’s what actually happens:

[email protected] ~/w/h/gists> gcc write-to-stack.c&& ./a.out
First print: 'banana'
Second print: 'UH�WAVAUE1TE1H�H�'

As I understand it, this is because this line:

char* strs[] = {"banana"};

is a local array inside set_strings, so it lives in that function's stack frame rather than on the heap. Once set_strings returns, the pointer in strings is dangling: it still points into that dead stack space, so as soon as something reuses the stack, like setting a variable, the "banana" pointer gets overwritten with something weird. It took us a while to figure out what was going on. YAY!
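Two ways to fix set_strings so the pointer array outlives the call, as an added example (my own code, not from the post or from _dash; the function names are mine): heap-allocate the array, or let the caller own it. first_token_intact deliberately churns the stack the way the second printf does before reading the result.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fix 1: put the pointer array on the heap so it outlives the call.
 * The caller owns the result and must free() it. */
char **make_strings_heap(size_t *count) {
    char **strs = malloc(1 * sizeof *strs);
    if (strs == NULL) { *count = 0; return NULL; }
    strs[0] = "banana";   /* the literal has static storage: safe to keep its address */
    *count = 1;
    return strs;
}

/* Fix 2: the caller supplies the array, so its lifetime is the caller's,
 * and the callee only fills it, reporting how many slots it used. */
size_t fill_strings(char **out, size_t capacity) {
    if (capacity == 0) return 0;
    out[0] = "banana";
    return 1;
}

/* Churn the stack the way the second printf in the post does, then check
 * whether the first token still reads "banana". With a dangling pointer
 * into a dead frame this is where the garbage would show up. */
int first_token_intact(char **strings) {
    char scratch[256];
    memset(scratch, 'x', sizeof scratch);   /* overwrite stack below this frame */
    scratch[sizeof scratch - 1] = '\0';
    return strcmp(strings[0], "banana") == 0 && scratch[0] == 'x';
}

int demo_heap(void) {
    size_t n;
    char **strs = make_strings_heap(&n);
    int ok = strs != NULL && n == 1 && first_token_intact(strs);
    free(strs);
    return ok;
}

int demo_caller_owned(void) {
    char *buf[4];
    return fill_strings(buf, 4) == 1 && first_token_intact(buf);
}

int main(void) {
    printf("heap-allocated: %s\n", demo_heap() ? "banana" : "garbage");
    printf("caller-owned:   %s\n", demo_caller_owned() ? "banana" : "garbage");
    return 0;
}
```

Building the original write-to-stack.c with -fsanitize=address and running it with ASAN_OPTIONS=detect_stack_use_after_return=1 reports the bug as a stack-use-after-return instead of quietly printing garbage.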

It’s sort of exciting to get bugs that are (as far as I know) totally impossible in Python.