©2002, Ed Skoudis Format String Stack View main() { char user_input[100]; char buffer[100]; int x; … /*get user_input*/ … snprintf(buffer, sizeof buffer, user_input); }

©2002, Ed Skoudis Format String Stack View main() { char user_input[100]; char buffer[100]; int x; … /*get user_input*/ … snprintf(buffer, sizeof buffer, user_input); } Top of Memory Bottom of Memory Fill Direction Value to Change

©2002, Ed Skoudis Format String Stack View main() { char user_input[100]; char buffer[100]; int x; … /*get user_input*/ … snprintf(buffer, sizeof buffer, user_input); } Top of Memory Bottom of Memory int x Fill Direction Buffer (100 char) Value to Change

©2002, Ed Skoudis Format String Stack View main() { char user_input[100]; char buffer[100]; int x; … /*get user_input*/ … snprintf(buffer, sizeof buffer, user_input); } Top of Memory Bottom of Memory int x Return Pointer Fill Direction Buffer (100 char) Pointer to user_input sizeof buffer Pointer to Buffer Value to Change

©2002, Ed Skoudis Format String Stack View main() { char user_input[100]; char buffer[100]; int x; … /*get user_input*/ … snprintf(buffer, sizeof buffer, user_input); } Top of Memory Bottom of Memory int x Return Pointer Fill Direction Buffer (100 char) Pointer to user_input sizeof buffer Pointer to Buffer c0faffbf%d%n Value to Change

©2002, Ed Skoudis Format String Stack View main() { char user_input[100]; char buffer[100]; int x; … /*get user_input*/ … snprintf(buffer, sizeof buffer, user_input); } Top of Memory Bottom of Memory int x Return Pointer Fill Direction Buffer (100 char) Pointer to user_input sizeof buffer Pointer to Buffer c0faffbf%d%n c0faffbf Value to Change

©2002, Ed Skoudis Format String Stack View main() { char user_input[100]; char buffer[100]; int x; … /*get user_input*/ … snprintf(buffer, sizeof buffer, user_input); } Top of Memory Bottom of Memory int x Return Pointer Fill Direction Buffer (100 char) Pointer to user_input sizeof buffer Pointer to Buffer c0faffbf%d%n c0faffbf value of x Value to Change

©2002, Ed Skoudis Format String Stack View main() { char user_input[100]; char buffer[100]; int x; … /*get user_input*/ … snprintf(buffer, sizeof buffer, user_input); } Top of Memory Bottom of Memory int x Return Pointer Fill Direction Buffer (100 char) Pointer to user_input sizeof buffer Pointer to Buffer c0faffbf%d%n c0faffbf value of x Value to Change

©2002, Ed Skoudis Format String Stack View main() { char user_input[100]; char buffer[100]; int x; … /*get user_input*/ … snprintf(buffer, sizeof buffer, user_input); } Top of Memory Bottom of Memory int x Return Pointer Fill Direction Buffer (100 char) Pointer to user_input sizeof buffer Pointer to Buffer c0faffbf%d%n c0faffbf value of x 5

©2002, Ed Skoudis Format String Stack View main() { char user_input[100]; char buffer[100]; int x; … /*get user_input*/ … snprintf(buffer, sizeof buffer, user_input); } Top of Memory Bottom of Memory int x Return Pointer Fill Direction Buffer (100 char) Pointer to user_input sizeof buffer Pointer to Buffer c0faffbf%.255d%n c0faffbf value of x 259