#include <stdio.h> #include <string.h> // Run with: `setarch x86_64 -vLR ./a.out` // This will generate compilation warnings void vuln(char buffer[256]) { printf(buffer); /* Bad; good would be: printf("%s",buffer) */ } int main(int argc, char *argv[]) { char buffer[256] = ""; /* allocate buffer */ if (2 == argc) /* copy command line */ strncpy(buffer, argv[1], 255); printf("%x\n",(unsigned int)&buffer[0]); vuln(buffer); return 0; }