I'm working on the bof challenge in http://pwnable.kr/play.php. The source code has a function func:
#include <stdio.h>
#include <stdlib.h>

void func(int key){
    char overflowme[32];
    printf("overflow me : ");
    gets(overflowme); // smash me!
    if(key == 0xcafebabe){
        system("/bin/sh");
    }
    else{
        printf("Nah..\n");
    }
}
When disassembling, it starts like this:
0000062c <func>:
62c: 55 push %ebp
62d: 89 e5 mov %esp,%ebp
62f: 83 ec 48 sub $0x48,%esp
632: 65 a1 14 00 00 00 mov %gs:0x14,%eax
638: 89 45 f4 mov %eax,-0xc(%ebp)
63b: 31 c0 xor %eax,%eax
63d: c7 04 24 8c 07 00 00 movl $0x78c,(%esp)
644: e8 fc ff ff ff call 645 <func+0x19>
649: 8d 45 d4 lea -0x2c(%ebp),%eax
64c: 89 04 24 mov %eax,(%esp)
64f: e8 fc ff ff ff call 650 <func+0x24>
654: 81 7d 08 be ba fe ca cmpl $0xcafebabe,0x8(%ebp)
...
The overflowme buffer is 32 bytes, but the instruction at 62f allocates 0x48 = 72 bytes on the stack. Why does it allocate much more memory than it seems to need?
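As an added example (my own script, not part of the challenge or of this question), the following Python reads the prologue listed above and accounts for the 72 bytes: the stack-protector canary slot, the buffer itself, and the remaining space for the call's outgoing argument and 16-byte stack alignment. It assumes the binary was built by GCC with -fstack-protector, which is what the %gs:0x14 load indicates on i386 glibc.

```python
import re

# Prologue of func as listed in the question (objdump, AT&T syntax), embedded
# as a constructed sample string so the script runs offline.
DISASM = """\
62c: 55 push %ebp
62d: 89 e5 mov %esp,%ebp
62f: 83 ec 48 sub $0x48,%esp
632: 65 a1 14 00 00 00 mov %gs:0x14,%eax
638: 89 45 f4 mov %eax,-0xc(%ebp)
63b: 31 c0 xor %eax,%eax
63d: c7 04 24 8c 07 00 00 movl $0x78c,(%esp)
644: e8 fc ff ff ff call 645 <func+0x19>
649: 8d 45 d4 lea -0x2c(%ebp),%eax
64c: 89 04 24 mov %eax,(%esp)
64f: e8 fc ff ff ff call 650 <func+0x24>
"""
BUFFER_SIZE = 32  # sizeof(overflowme) in the C source

def frame_layout(disasm, buf_size=BUFFER_SIZE):
    """Describe the frame the prologue builds; offsets are relative to %ebp."""
    frame = int(re.search(r"sub\s+\$0x([0-9a-f]+),%esp", disasm).group(1), 16)
    # %gs:0x14 is glibc's per-thread stack-protector canary on i386; the local
    # slot it is copied into is the guard word placed by -fstack-protector.
    canary = int(re.search(r"mov\s+%eax,-0x([0-9a-f]+)\(%ebp\)", disasm).group(1), 16)
    # The local whose address is loaded before the second call is overflowme.
    buf = int(re.search(r"lea\s+-0x([0-9a-f]+)\(%ebp\)", disasm).group(1), 16)
    return {
        "frame_bytes": frame,                # 0x48 = 72
        "canary_off": -canary,               # guard word at -0xc(%ebp)
        "buffer_off": -buf,                  # overflowme at -0x2c(%ebp)
        "buffer_end_off": -buf + buf_size,   # == canary_off: guard sits right above
        "unused_above_canary": canary - 4,   # bytes between guard and saved %ebp
        "below_buffer": frame - buf,         # (%esp) argument slot + padding
        # return address (4) + saved %ebp (4) + frame must keep %esp 16-byte
        # aligned at each call, the boundary GCC targets on i386 by default.
        "esp_16_aligned_at_call": (frame + 8) % 16 == 0,
    }

def print_map(layout):
    print(f"sub ${layout['frame_bytes']:#x},%esp reserves {layout['frame_bytes']} bytes:")
    print(f"  {layout['unused_above_canary']:3d}  unused/padding just below saved %ebp")
    print(f"    4  stack-protector canary at {layout['canary_off']}(%ebp)")
    print(f"  {BUFFER_SIZE:3d}  overflowme[32] at {layout['buffer_off']}(%ebp)")
    print(f"  {layout['below_buffer']:3d}  outgoing-argument slot at (%esp) plus alignment padding")
    print(f"  %esp 16-byte aligned at call sites: {layout['esp_16_aligned_at_call']}")

if __name__ == "__main__":
    print_map(frame_layout(DISASM))
```

The four parts (8 + 4 + 32 + 28) sum to the 72 bytes reserved; the compiler is not obliged to be minimal, and the guard word plus the alignment of %esp at each call are what make the frame larger than the buffer alone.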