Hi,

I was trying out the examples given in Aleph One's Smashing the Stack article, but somehow I am not getting the expected results. I am running Red Hat Linux, kernel 2.4-20, on an Intel PIII.

For instance, this example prints "1" instead of the expected "0":

#include <stdio.h>

void function(int a, int b, int c) {
    char buffer1[5];
    char buffer2[10];
    int *ret;

    /* The article assumes the saved return address sits 12 bytes above
       buffer1 (buffer1 rounded up to 8 bytes, plus 4 for the saved %ebp). */
    ret = (int *)(buffer1 + 12);
    /* The article assumes adding 8 to the return address skips the
       "x = 1" store in main(). */
    (*ret) += 8;
}

int main(void) {
    int x;

    x = 0;
    function(1, 2, 3);
    x = 1;
    printf("%d\n", x);
    return 0;
}

The generated assembly is also different from the one given in the article:
---------------------------------------------------------------------
0x08048346 <main+0>: push %ebp
0x08048347 <main+1>: mov %esp,%ebp
0x08048349 <main+3>: sub $0x8,%esp
0x0804834c <main+6>: and $0xfffffff0,%esp
0x0804834f <main+9>: mov $0x0,%eax
0x08048354 <main+14>: sub %eax,%esp
0x08048356 <main+16>: movl $0x0,0xfffffffc(%ebp)
0x0804835d <main+23>: sub $0x4,%esp
0x08048360 <main+26>: push $0x3
0x08048362 <main+28>: push $0x2
0x08048364 <main+30>: push $0x1
0x08048366 <main+32>: call 0x8048328 <function>
0x0804836b <main+37>: add $0x10,%esp
0x0804836e <main+40>: movl $0x1,0xfffffffc(%ebp)
0x08048375 <main+47>: sub $0x8,%esp
0x08048378 <main+50>: pushl 0xfffffffc(%ebp)
0x0804837b <main+53>: push $0x8048438
0x08048380 <main+58>: call 0x8048268 <printf>
0x08048385 <main+63>: add $0x10,%esp
0x08048388 <main+66>: leave
0x08048389 <main+67>: ret
End of assembler dump.
---------------------------------------------------------------------

instead of
---------------------------------------------------------------------
Dump of assembler code for function main:
0x8000490 <main>: pushl %ebp
0x8000491 <main+1>: movl %esp,%ebp
0x8000493 <main+3>: subl $0x4,%esp
0x8000496 <main+6>: movl $0x0,0xfffffffc(%ebp)
0x800049d <main+13>: pushl $0x3
0x800049f <main+15>: pushl $0x2
0x80004a1 <main+17>: pushl $0x1
0x80004a3 <main+19>: call 0x8000470 <function>
0x80004a8 <main+24>: addl $0xc,%esp
0x80004ab <main+27>: movl $0x1,0xfffffffc(%ebp)
0x80004b2 <main+34>: movl 0xfffffffc(%ebp),%eax
0x80004b5 <main+37>: pushl %eax
0x80004b6 <main+38>: pushl $0x80004f8
0x80004bb <main+43>: call 0x8000378 <printf>
0x80004c0 <main+48>: addl $0x8,%esp
0x80004c3 <main+51>: movl %ebp,%esp
0x80004c5 <main+53>: popl %ebp
0x80004c6 <main+54>: ret
0x80004c7 <main+55>: nop
---------------------------------------------------------------------

I would be grateful if somebody could point out what the problem is and what I am doing wrong.

TIA,
esprain
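An added example, written for this page rather than taken from esprain's post or from Aleph One's article, that performs the same return-address overwrite without the two hard-coded constants: the 12 that assumes a particular frame layout and the 8 that assumes a particular instruction length. It locates the saved return address through the frame pointer with __builtin_frame_address(0), cross-checks that slot against __builtin_return_address(0), records how far the slot really is from buffer1, and then points it at a label supplied by the caller. It assumes GCC or Clang (for those builtins and for labels as values) and an ABI that keeps the saved frame pointer and the return address in adjacent slots (x86, x86-64, AArch64); the names function, run_example, observed_offset and slot_verified are this example's own. Return-address protections such as a shadow stack or pointer authentication exist precisely to catch this write, and the example assumes they are not enforced.

```c
/* Added example, not code from the original post or from the article.
 * Assumes GCC or Clang (__builtin_frame_address, __builtin_return_address,
 * labels as values) and an ABI that stores the saved frame pointer and the
 * return address next to each other (x86, x86-64, AArch64), with no shadow
 * stack or return-address signing enforced. */
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>

/* Filled in by function(): how far the saved return address really sits
 * from buffer1, and whether the slot we found holds the return address. */
static ptrdiff_t observed_offset;
static int slot_verified;

/* Same shape as the article's function(), plus a 'target' parameter.
 * noinline: if this were inlined into its caller, __builtin_frame_address(0)
 * would name the caller's frame and we would overwrite the wrong slot. */
__attribute__((noinline))
static void function(int a, int b, int c, void *target)
{
    volatile char buffer1[5];   /* volatile: keep the arrays in the frame */
    volatile char buffer2[10];
    void **ret;

    /* The frame address points at the saved frame pointer; the saved
     * return address is the next pointer-sized slot above it.  This
     * replaces the hard-coded "buffer1 + 12". */
    ret = (void **)__builtin_frame_address(0) + 1;

    /* Cross-check against the compiler's own view of the return address. */
    slot_verified = (*ret == __builtin_return_address(0));

    /* Record the distance the article fixed at 12 for its compiler
     * (computed through uintptr_t, since the two pointers are unrelated). */
    observed_offset = (ptrdiff_t)((uintptr_t)ret - (uintptr_t)buffer1);

    buffer1[0] = (char)a;
    buffer2[0] = (char)(b + c);

    /* Overwrite the return address.  The article adds 8 to skip the
     * "x = 1" store; here we jump straight to a label whose address the
     * caller supplied, so the instruction length no longer matters. */
    *ret = target;
}

/* Mirrors main() from the article.  Returns what printf would print:
 * 0 if the hijack skipped the store, 1 if function() returned normally. */
int run_example(void)
{
    volatile int x = 0;          /* volatile: the store must really happen */
    function(1, 2, 3, &&skip);
    x = 1;                       /* skipped when the hijack works */
skip:
    return x;
}

int main(void)
{
    int x = run_example();
    printf("x = %d (return slot %s, buffer1 -> saved return address = %td bytes)\n",
           x, slot_verified ? "verified" : "NOT verified", observed_offset);
    return 0;
}
```

Build it with a plain `gcc -o frame frame.c` (the file name is this example's own) and run it; it prints 0 together with the distance from buffer1 to the return-address slot that your compiler actually produced, which is the number `buffer1 + 12` was guessing at. Compiling with and without optimisation, or with -fstack-protector, shows that distance moving while the hijack keeps working, because nothing in the code depends on it.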