SEC 3213: Software Security

2nd Trimester: 2024

Lab 1

Overview:
This lab focuses on C programming and debugging techniques.

Part 1: C Programming Refresher

1. What do the preprocessor, compiler, and linker do?

1. Preprocessor: Prepares the code by processing directives like #include.

2. Compiler: Converts code to machine-readable instructions.

3. Linker: Combines parts of the program into a complete executable.

2. Explain the differences between these literals:

1. 5: An integer.

2. '5': A character, storing its ASCII value.

3. "5": A string (array of characters).

4. 5.0: A floating-point number.

3.Given the following C code:

const char *str = "hello";
char ch = str[1];
 if (ch >= 'A' && ch <= 'Z') {
printf("uppercase\n");
} else if (ch >= 'a' && ch <= 'z') {
printf("lowercase\n");
} else {
printf("other\n");
}

What will be the output of this code?

Output: lowercase

What would the output be if we changed the string "hello" to "HELLO"?

Output: uppercase

What would the output be if we changed the string "hello" to "123"?

Output: other

Part 2: Makefile and GDB

App.o: App.c App.h

gcc -c App.c -o App.o

Compress.o: Compress.c App.h

gcc -c Compress.c -o Compress.o

Differentiate.o: Differentiate.c App.h

gcc -c Differentiate.c -o Differentiate.o

Filter.o: Filter.c App.h

gcc -c Filter.c -o Filter.o

Scale.o: Scale.c App.h

gcc -c Scale.c -o Scale.o

App: App.o Compress.o Differentiate.o Filter.o Scale.o

gcc App.o Compress.o Differentiate.o Filter.o Scale.o -o App

clean:
rm -f App.o Compress.o Differentiate.o Filter.o Scale.o App Output.bin
Second: GDB
Part 3: Modifying C programs First:
Leap Program:

Second: Signed and unsigned types program:

a. Observe lines 2-3, why do the results for char and unsigned char differ from those
of int?
Answer:

• Range:
char and unsigned char typically have a smaller range than int. For example, char ranges
from -128 to 127 (signed) or 0 to 255 (unsigned), whereas int typically has a larger range,
e.g., -2^31 to 2^31-1 (on a 32-bit system).
• Overflow/Underflow:
When the sum of two char or unsigned char values exceeds their maximum representable
value, overflow occurs, causing the result to wrap around to the minimum value.
Conversely, underflow occurs if the sum falls below the minimum value, causing the result
 to wrap around to the maximum value. Since int has a larger range, it's less likely to
experience overflow or underflow.

b. Explain how overflow and underflow affect the results, specifically for char and
unsigned char values.

Answer:

• Unsigned Char:
When adding 0xFF (255) with another value, the sum exceeds the maximum value for an
unsigned char (255). This causes overflow, wrapping the result back around to 0. For
example, 0xFF + 1 (in decimal) results in 0 due to overflow, even though the actual sum
(256) would be outside the range of an unsigned char.
• Signed Char:
A similar overflow can occur with a signed char if the sum exceeds the positive or negative
range of the char. For example, if a sum goes above 127 or below -128, it will wrap around,
but how the compiler handles negative overflow may vary, resulting in implementation-
defined behavior.

Part 4: Building C Programs

1. Write a C program to allocate memory on the stack and heap, similar to the memory layout
a. Describe how the stack and heap grow and in which direction. By observing the address
patterns in above question, you can also infer the growth direction of the stack and heap.
Answer:
Stack: Variables declared within a function (e.g., stackVar) are allocated on the stack. These
variables have automatic storage duration and are released when the function exits.
Heap: Memory allocated using malloc resides on the heap and persists until explicitly freed
using free().

b. Analyze the memory addresses to understand the memory layout. Why is the difference
between addresses like 0x24, 0x28, and 0x2C consistently 4 bytes, while the difference
between addresses like 0x40, 0x48, and 0x50 is 8 bytes? What do the values stored at these
addresses reveal about the data types and memory organization? Additionally, explain the
significance of the arrows pointing to certain memory locations.
Answer:
Stack: Typically grows downward towards lower memory addresses.
Heap: Typically grows upward towards higher memory addresses.

c. Identify the data structure represented by the values at addresses 0x24, 0x28, and 0x2C.
Answer:
Difference of 4 bytes: Addresses such as 0x24, 0x28, and 0x2C differ by 4 bytes because
they represent int data types, which are typically 4 bytes in size. Difference of 8 bytes:
Addresses such as 0x40, 0x48, and 0x50 differ by 8 bytes because they represent double
data types, which are typically 8 bytes in size. Significance: These differences highlight how
data types are organized in memory. Arrows pointing to specific addresses indicate pointers
or references to those memory locations.

2. We know that a double-precision floating-point array like double a[] = {3.14, 2.71};
Submission:
Upload one combined pdf on Blackboard that has:
• Part 1: Answers to all the questions
• Part 2: Complete Makefile and screenshots of your steps performing GDB
• Part 3: Answers to all the questions for both programs, namely: test_leap.c and
test_types.c
• Part 4: The two complete programs