User: Password:
|
|
Subscribe / Log in / New account

Format string vulnerabilities

Format string vulnerabilities

Posted Feb 2, 2012 23:16 UTC (Thu) by csd (subscriber, #66784)
In reply to: Format string vulnerabilities by khim
Parent article: Format string vulnerabilities

I meant that the *implementation* of puts is faster than printf, as puts doesn't have to parse through the first param like printf does. In your example, gcc simply optimized the code into calling puts instead of printf, which it can only do for a very limited number of cases (e.g. with a fixed constant as the 1st param, which is not the case that this article covers). In this very similar example, you can see that the generated code is quite different and will be slower to run:

$ echo 'void foo() { extern char *str; printf(str, "bar"); } ; char * str = "%s\n";' | gcc -S -O2 -xc - -o-
.file ""
<stdin>: In function ‘foo’:
<stdin>:1: warning: incompatible implicit declaration of built-in function ‘printf’
.section .rodata.str1.1,"aMS",@progbits,1
.LC0:
.string "bar"
.text
.p2align 4,,15
.globl foo
.type foo, @function
foo:
.LFB0:
.cfi_startproc
movq str(%rip), %rdi
movl $.LC0, %esi
xorl %eax, %eax
jmp printf
.cfi_endproc
.LFE0:
.size foo, .-foo
.globl str
.section .rodata.str1.1
.LC1:
.string "%s\n"
.data
.align 8
.type str, @object
.size str, 8
str:
.quad .LC1
.ident "GCC: (Ubuntu/Linaro 4.4.4-14ubuntu5) 4.4.5"
.section .note.GNU-stack,"",@progbits

So I'll restate my original statement to: "... In most cases, it's faster too"


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds