QUESTION

The following series of problems concerns the following low-quality code.
#include <stdio.h>

/* Deliberately unsafe: gets() has no bound, so input longer than
   three characters (plus the terminating NUL) runs past buf. */
void foo(int x)
{
    int a[3];
    char buf[4];
    a[0] = 0xF0F1F2F3;
    a[1] = x;
    gets(buf);
    printf("a[0] = 0x%x, a[1] = 0x%x, buf = %s\n", a[0], a[1], buf);
}

In a program containing this code, procedure foo has the following disassembled form on an x86-64 machine:
0000000000400586 <foo>:
400586: 48 83 ec 18 sub $0x18,%rsp
40058a: c7 44 24 04 f3 f2 f1 movl $0xf0f1f2f3,0x4(%rsp)
400591: f0
400592: 89 7c 24 08 mov %edi,0x8(%rsp)
400596: 48 89 e7 mov %rsp,%rdi
400599: b8 00 00 00 00 mov $0x0,%eax
40059e: e8 bd fe ff ff callq 400460 <gets@plt>
4005a3: 8b 4c 24 08 mov 0x8(%rsp),%ecx
4005a7: 8b 54 24 04 mov 0x4(%rsp),%edx
4005ab: 49 89 e0 mov %rsp,%r8
4005ae: be 68 06 40 00 mov $0x400668,%esi
4005b3: bf 01 00 00 00 mov $0x1,%edi
4005b8: b8 00 00 00 00 mov $0x0,%eax
4005bd: e8 ae fe ff ff callq 400470 <__printf_chk@plt>
4005c2: 48 83 c4 18 add $0x18,%rsp
4005c6: c3 retq

For the following questions, recall that:
• gets is a standard C library routine.
• x86-64 machines are little-endian.
• C strings are null-terminated (i.e., terminated by a character with value 0x00).
• Characters '0' through '9' have ASCII codes 0x30 through 0x39.

Consider the case where procedure foo is called with argument x equal to 0xE3E2E1E0, and we type "123456789" in response to gets.

A. Fill in the following table indicating where on the stack the following program values are located. Express these as decimal offsets (positive or negative) relative to register %rsp:

Program Value    Decimal Offset
a                ________________
a[2]             ________________
buf              ________________
buf[3]           ________________

B. Fill in the following table indicating which program values are/are not corrupted by the response from gets, i.e., their values were altered by some action within the call to gets.

Program Value    Corrupted? (Y/N)
a[0]             ________________
a[1]             ________________
a[2]             ________________

C. What will the printf function print for the following:

a[0] (hexadecimal): ________________________

a[1] (hexadecimal): ________________________

buf (ASCII characters): ________________________
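To check an answer without running undefined behaviour, the added example below (not part of the exercise) models the 24-byte frame that the disassembly shows as a byte array: buf at %rsp+0, a[0] at +4, a[1] at +8, a[2] at +12, little-endian. simulate_foo and foo_result are hypothetical names; the 0xCC fill for the uninitialised a[2] is a constructed placeholder.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Frame layout read off the disassembly: sub $0x18,%rsp reserves 24 bytes,
 * gets() is called with %rdi = %rsp (buf), a[0] is stored at 0x4(%rsp),
 * a[1] (= %edi) at 0x8(%rsp), so a[2] is at 0xc(%rsp). */
#define FRAME_SIZE 24
#define BUF_OFF    0
#define A0_OFF     4
#define A1_OFF     8
#define A2_OFF     12

typedef struct { uint32_t a0, a1, a2; size_t overflow; } foo_result;

static void put32le(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}
static uint32_t get32le(const uint8_t *p) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) v |= (uint32_t)p[i] << (8 * i);
    return v;
}

/* Simulate foo(x) when 'input' is typed at the gets() prompt.
 * overflow = number of bytes written past the 4-byte buf (0 = no corruption). */
foo_result simulate_foo(const char *input, uint32_t x)
{
    uint8_t frame[FRAME_SIZE];
    memset(frame, 0xCC, sizeof frame);       /* a[2] is never initialised */
    put32le(frame + A0_OFF, 0xF0F1F2F3u);    /* a[0] = 0xF0F1F2F3 */
    put32le(frame + A1_OFF, x);              /* a[1] = x */
    /* gets() stores every input byte plus the NUL, with no bound check;
     * the clamp only keeps this simulator inside its own array. */
    size_t n = strlen(input) + 1;
    if (n > FRAME_SIZE) n = FRAME_SIZE;
    memcpy(frame + BUF_OFF, input, n);
    foo_result r;
    r.a0 = get32le(frame + A0_OFF);
    r.a1 = get32le(frame + A1_OFF);
    r.a2 = get32le(frame + A2_OFF);
    r.overflow = n > 4 ? n - 4 : 0;
    return r;
}

int main(void)
{
    foo_result r = simulate_foo("123456789", 0xE3E2E1E0u);
    printf("%zu bytes past buf; a[0] = 0x%x, a[1] = 0x%x\n", r.overflow, r.a0, r.a1);
    return 0;
}
```

Reading the frame back the way the disassembly does (mov 0x4(%rsp),%edx and mov 0x8(%rsp),%ecx) is what makes the little-endian byte order visible in the printed values; replacing gets(buf) with fgets(buf, sizeof buf, stdin) is the bounded alternative.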
