CAS-003 · Question #964
CAS-003 Question #964: Real Exam Question with Answer & Explanation
The correct answer is C: A buffer overflow when using the command strcpy(variable2, variable1[1]);.
Question
Exhibit
Options
- A. A memory leak when executing exit(0);
- B. A race condition when switching variables in strcpy(variable2, variable[1]);
- C. A buffer overflow when using the command strcpy(variable2, variable1[1]);
- D. Error handling when executing printf("strcpy() failed.\n");
Explanation
The code in question uses strcpy(variable2, variable1[1]), which copies the contents of variable1[1] into variable2. strcpy() performs no bounds checking - if variable1[1] contains more bytes than variable2 can hold, the excess data overwrites adjacent memory on the stack. This is the definition of a stack-based buffer overflow, a critical vulnerability class that can lead to arbitrary code execution. Option A is wrong because exit(0) is a normal, clean program exit that frees all resources; it does not cause a memory leak. Option B is wrong because the scenario does not involve concurrent thread execution or shared state access patterns that characterize a race condition. Option D is wrong because calling printf to report an error is standard error handling and does not represent a vulnerability in this context.
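The unchecked copy described in the explanation, next to a bounds-checked alternative, as an added example (this is not the exam's exhibit, which is not reproduced on this page). `BUF_SIZE`, `copy_unchecked` and `copy_checked` are hypothetical names, and the 16-byte destination is an assumed size.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16 /* assumed size; the exhibit's real buffer size is not shown */

/* Pattern from the explanation: strcpy() copies up to the source's NUL
 * terminator and never consults the destination size. Only correct when the
 * caller already guarantees strlen(src) < size of dst. */
void copy_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Hardened form: measure first, reject input that does not fit.
 * Returns 0 on success, -1 if src plus its terminator exceeds dstsz. */
int copy_checked(char *dst, size_t dstsz, const char *src)
{
    size_t need;

    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    need = strlen(src) + 1;   /* bytes strcpy() would have written */
    if (need > dstsz) {
        dst[0] = '\0';        /* leave dst a valid empty string */
        return -1;
    }
    memcpy(dst, src, need);
    return 0;
}

int main(int argc, char *argv[])
{
    char variable2[BUF_SIZE];
    /* "sample" is a constructed default used when no argument is given */
    const char *input = (argc > 1) ? argv[1] : "sample";

    if (copy_checked(variable2, sizeof variable2, input) != 0) {
        fprintf(stderr, "input too long (%zu bytes, max %d)\n",
                strlen(input), BUF_SIZE - 1);
        return 1;
    }
    printf("copied: %s\n", variable2);
    return 0;
}
```

Rejecting oversized input, rather than silently truncating it, keeps the failure visible to the caller.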
