Reputation: 21
I wrote a simple C function:
void function(){
int n;
char s[6];
n = 1;
s[0] = 2;
s[5] = 3;
}
This disassembles to:
pushl %ebp
movl %esp, %ebp
sub $40, %esp
movl $1, -12(%esp)
movb $2, -40(%esp)
movb $3, -35(%esp)
leave
ret
I am trying to understand why the char[] is given the address that starts at -40.
It is a 6-byte array, so I would think that it would require 8 bytes (a multiple of the 4-byte word), in which case it would be assigned to the memory address -20(%esp).
Why -40(%esp)?
Thanks
EDIT: I am also under the assumption that n is given the offset of -12(%esp) because ints and registers are 4 bytes, eip is pushed to -4(%esp), and ebp is pushed to -8(%esp). Is this correct?
Thank you in advance!!
Upvotes: 2
Views: 211
Reputation: 12918
There should be movl $1, -12(%ebp) and so on.
s[] is a buffer, so the compiler may allocate additional space for security checks (but there aren't any checks here).
The layout is as follows:
esp+44: ebp+04: return address
esp+40: ebp+00: prev ebp value
.......
esp+12: ebp-12: n
.......
esp+04: ebp-3C: s[4:6]
esp+00: ebp-40: s[0:4]
Upvotes: 1
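The layout above is what one build of one compiler produced; the way to know where your own compiler put the locals (and how far a write past the end of s[] has to run before it touches the saved frame pointer and the return address) is to measure it. The program below is an added example, not code from the question or the answer. It declares the same two locals as the poster's function() and reports their offsets from the frame pointer at run time. It assumes GCC or Clang (for __builtin_frame_address and the noinline attribute) and the usual x86 frame convention in which the saved frame pointer sits at fp+0 and the return address at fp+sizeof(void *); the exact numbers it prints depend on your compiler, optimisation level, -m32/-m64 and whether -fstack-protector is on, which is precisely the point.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Measured offsets of the two locals relative to the frame pointer (fp).
 * Values are in bytes; negative means "below the saved frame pointer". */
struct frame_layout {
    ptrdiff_t n_off;          /* address of n    minus fp                    */
    ptrdiff_t s_off;          /* address of s[0] minus fp                    */
    ptrdiff_t s_to_saved_fp;  /* bytes from s[0] up to the saved fp at fp+0  */
    ptrdiff_t s_to_ret_addr;  /* bytes from s[0] up to the return-address slot */
};

/* Same locals as the post's function(). noinline keeps the measurement in
 * its own frame; volatile keeps the stores and the stack slots at any -O
 * level. ASSUMPTION: GCC/Clang builtin and the x86 frame convention where
 * the saved frame pointer is at fp+0 and the return address at
 * fp+sizeof(void *). */
__attribute__((noinline)) struct frame_layout measure_frame(void)
{
    volatile int n;
    volatile char s[6];
    uintptr_t fp = (uintptr_t)__builtin_frame_address(0);
    struct frame_layout l;

    n = 1;
    s[0] = 2;
    s[5] = 3;

    l.n_off = (ptrdiff_t)((uintptr_t)&n - fp);
    l.s_off = (ptrdiff_t)((uintptr_t)&s[0] - fp);
    l.s_to_saved_fp = -l.s_off;
    l.s_to_ret_addr = l.s_to_saved_fp + (ptrdiff_t)sizeof(void *);
    return l;
}

/* Number of bytes an unchecked write starting at s[0] must cover before it
 * reaches the return-address slot: the classic overflow distance. */
ptrdiff_t overflow_distance_to_ret(const struct frame_layout *l)
{
    return l->s_to_ret_addr;
}

/* 1 if the 6-byte buffer lies entirely below the saved frame pointer (the
 * ordering the answer describes), 0 if the compiler placed it elsewhere. */
int buffer_below_saved_fp(const struct frame_layout *l)
{
    return l->s_off < 0 && l->s_off + 6 <= 0;
}

/* Sanity check of the measured layout: both locals below fp, buffer entirely
 * below the saved fp, and the return slot one pointer above the saved fp. */
int layout_is_sane(void)
{
    struct frame_layout l = measure_frame();
    return l.n_off < 0
        && buffer_below_saved_fp(&l)
        && l.s_to_saved_fp >= 6
        && overflow_distance_to_ret(&l) == l.s_to_saved_fp + (ptrdiff_t)sizeof(void *);
}

int main(void)
{
    struct frame_layout l = measure_frame();
    printf("n    at fp%+td\n", l.n_off);
    printf("s[0] at fp%+td (s[5] at fp%+td)\n", l.s_off, l.s_off + 5);
    printf("bytes from s[0] to saved frame pointer: %td\n", l.s_to_saved_fp);
    printf("bytes from s[0] to return address:      %td\n", l.s_to_ret_addr);
    printf("layout sane: %d\n", layout_is_sane());
    return 0;
}
```

Build it a few ways and compare: `gcc -m32 -O0 -fno-stack-protector`, then the same with `-fstack-protector`, then with `-O2`. With the protector on, GCC moves character arrays to the top of the local area and places the canary between them and the saved ebp, so s_off grows toward zero while n moves below the buffer; that reordering, not the 40-byte figure itself, is what "additional space for security checks" in the answer refers to. On any build, the printed distance from s[0] to the return address is the number a memcpy or strcpy into s would have to exceed to overwrite the saved eip.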