Mailing List Archive



Re: [tlug] C puzzle



On Tue, Jul 30, 2002 at 11:29:45AM -0400, Viktor Pavlenko quoth, and most verily thus:
> 
> What about the one which always crashes?
> 
> The following program contains 25 characters, uses no library
> functions and segfaults when run:
> 
> main(){((void(*)())0)();}
> 
> I used the following line to test the code (may save you some typing):
> 
> $ echo 'main(){((void(*)())0)();}' > f.c; gcc -o f f.c; ./f; rm f.c f
> Segmentation fault

Now *that* is w4j 1337!

OK, here is my best guess of how it works:

main() contains one function call, which is typecast as a void pointer.
Therefore, the 0 is actually the function name, right? So what happens
when you exec it is it tries to exec whatever function lies at the memory
address 0x0, and that causes a segfault.

My gdb session would seem to confirm this, right?

(gdb) l
1       main(){((void(*)())0)();}
(gdb) b 1
Breakpoint 1 at 0x8048430: file f.c, line 1.
(gdb) r
Starting program: /home/jmglov/./f 

Breakpoint 1, main () at f.c:1
1       main(){((void(*)())0)();}
(gdb) p ((void(*)())0)
$1 = (void (*)()) 0
(gdb) p ((void(*)())0)()

Program received signal SIGSEGV, Segmentation fault.
0x00000000 in ?? ()


-- 
Josh Glover <jmglov@example.com>

Associate Systems Administrator
INCOGEN, Inc.
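The puzzle above calls through a function pointer whose value is 0, so the CPU jumps to address 0x0, which is why gdb reports the fault as `0x00000000 in ?? ()`. The defensive counterpart is to never call a function pointer that might be NULL (or out of a table's bounds) without checking it first. The following is an added example, not code from the thread: a small dispatch table with deliberately empty slots and a `dispatch()` routine that returns an error code instead of jumping to address 0. The table, the `handler_fn` type and the return codes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Pointer to a function taking no arguments and returning nothing,
 * the same type the puzzle casts 0 to: void (*)() */
typedef void (*handler_fn)(void);

static int calls_made = 0;          /* counts successful handler invocations */
static void greet(void) { calls_made++; }

/* Constructed dispatch table: slots 1 and 3 are intentionally empty. */
static handler_fn table[4] = { greet, NULL, greet, NULL };

/* Safe dispatch. Returns 0 on success, -1 if idx is out of range,
 * -2 if the slot holds NULL. Calling a NULL slot would do exactly what
 * the puzzle does: transfer control to address 0 and segfault. */
int dispatch(size_t idx) {
    if (idx >= sizeof table / sizeof table[0])
        return -1;
    handler_fn fn = table[idx];
    if (fn == NULL)
        return -2;
    fn();
    return 0;
}

int get_calls_made(void) { return calls_made; }

int main(void) {
    for (size_t i = 0; i < 5; i++)
        printf("dispatch(%zu) -> %d\n", i, dispatch(i));
    return 0;
}
```

Compiled with `gcc -Wall`, the program prints a result code for each index instead of crashing; the bounds check also matters, because an index past the end reads whatever bytes follow the table and may call an equally bogus address.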

