Categories
buffer-overflow c shellcode

Stack Smashing attempt giving segfault

I am trying to do an example from the Smashing the Stack for Fun and Profit in C, but am kind of stuck at a point,
following is the code (I have a 64-bit machine with Ubuntu 64-bit):

int main()
{
int x;
x = 0;
func(1,2,3);
x = 1;
printf("x is : %d\n", x);
}
void func(int a, int b, int c)
{
char buffer[1];
int *ret;
ret = buffer + 17;
(*ret) += 7;
}

The above code works fine and on returning the x=1 line is not executed, but I can’t understand the logic behind ret = buffer + 17;, shouldn’t it be ret = buffer + 16; i.e, 8bytes for buffer and 8 for the saved base pointer on stack.

Secondly, my understanding is that char buffer[1] is taking 8 bytes (owing to 64-bit arch)
and if I increase this buffer to say buffer[2], still the same code should work fine, BUT this is not happening and it starts giving seg fault.

Regards,
Numan