// usage: bufoverflow <filename>
// 
// files with more than 512B content will cause overflows.
// smaller files work just fine.

#include <stdint.h>
#include <string.h>
#include <stdio.h>

/*
 before exploit                after exploit

 +++++++++++++                 +++++++++++++
 + saved RIP + <-- rbp+8       + &shellc   +---\
 +++++++++++++                 +++++++++++++   |
 + saved RBP + <-- rbp         + anything  +   |
 +++++++++++++                 +++++++++++++   |
 +           +                 +           +   |
 +           +                 +           +   |
...         ...               ...         ...  |
 +           +                 +           +   |
 +  (512 B)  +                 +           +   |
 +   array   + <-- rbp-0x200   + shellcode +<--/
 +++++++++++++     rsp         +++++++++++++
*/

int mystr(char *fn) {
    char mystr[512];
    register FILE *f = fopen(fn, "rb");
    fread(mystr, 1024, 1, f); // VULNERABLE! reading 1024B into 512B buf
    return mystr[0];
}

int main(int argc, char *argv[]) {
    if (argc != 2) { printf("too few args."); return 1; }
    return mystr(argv[1]);
}