Bug Four Answer

This is a word-alignment problem. In pack, a memcpy call transports the int to an arbitrary position in memory, which works at any byte address. In unpack, however, the void pointer is simply cast to an int pointer and dereferenced. On most machines this does not work unless the pointer holds an address that is a multiple of 4. That is the difference between the first and second calls to unpack in the hint program: in the first case the int just happens to land at an address that is a multiple of four (since the string is 4 bytes long, including the terminating null); in the second case the int is out of alignment.
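The following is an added example, not the hint program from the page: it assumes a packet layout of a NUL-terminated string followed immediately by an int, shows the cast-and-dereference unpack beside a memcpy-based one that is safe at any offset, and computes for a given string whether the int field lands on an aligned address.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Packet layout assumed for this example: a NUL-terminated string followed
 * immediately by an int, with no padding. The page's hint program is not
 * reproduced here; names below are this example's own. */

/* pack: memcpy moves the int to any byte offset, aligned or not. */
void pack_int(void *dst, int value) {
    memcpy(dst, &value, sizeof value);
}

/* unpack as the page describes it: cast and dereference. Only valid when
 * src is a multiple of _Alignof(int); elsewhere it is undefined behaviour
 * and traps (SIGBUS) on strict-alignment CPUs. Never called below. */
int unpack_int_buggy(const void *src) {
    return *(const int *)src;
}

/* Fixed unpack: memcpy the bytes out, which is alignment-safe everywhere. */
int unpack_int(const void *src) {
    int value;
    memcpy(&value, src, sizeof value);
    return value;
}

/* Byte offset of the int field for a given leading string. */
size_t int_offset(const char *str) {
    return strlen(str) + 1;   /* +1 for the terminating NUL */
}

/* 1 if that offset is a multiple of the int alignment, else 0. */
int int_field_is_aligned(const char *str) {
    return int_offset(str) % _Alignof(int) == 0;
}

/* Build the packet in a local buffer and read the int back with the fixed unpack. */
int roundtrip(const char *str, int value) {
    _Alignas(int) unsigned char buf[64];   /* buf itself starts aligned */
    size_t off = int_offset(str);
    if (off + sizeof value > sizeof buf) return -1;   /* string too long for buf */
    memcpy(buf, str, off);
    pack_int(buf + off, value);
    return unpack_int(buf + off);
}

int main(void) {
    const char *strs[] = {"abc", "abcd"};  /* "abc" + NUL is 4 bytes: aligned */
    for (int i = 0; i < 2; i++)
        printf("\"%s\": int at offset %zu, aligned=%d, roundtrip=%d\n", strs[i],
               int_offset(strs[i]), int_field_is_aligned(strs[i]), roundtrip(strs[i], 12345));
    return 0;
}
```

Replacing `unpack_int` with `unpack_int_buggy` in `roundtrip` still "works" for "abc" on most machines and is undefined for "abcd", which is exactly why the bug stays hidden until a string of the wrong length shows up.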

I found this bug in the wild about a week ago while I was programming multiplayer networked Tetris. The pack and unpack ideas are used to put together data in a packet format to be sent via TCP/IP. This is just another example of why your favorite random string should not have length one less than a multiple of four (since otherwise you would never notice this bug)!
