A Study on Corruption

#include "stdafx.h"


void OverflowMyBuffer(char *szTest)
{
    // Copy a string of size 13 into a buffer of unknown size. We'll, I'm cheating: I know its size, it's 3 bytes...
    strcpy(szTest, "Hello, world!");  
}
                       
void test ()
{
    const char format[] = "* * * * * nine = %d, eight = %d, seven = %d, szSmallBuffer = '%s'\n";
	// Const everywhere: this cannot change, right? The compiler would tell us, wouldn't it? Well, the contents of this array will be corrupted by a buffer overflow. Stay tuned...
    const int const arr[3] = { 9, 8, 7 };  
    char szSmallBuffer[3];
	// The buffer has no room for the ending zero, but VC++ doesn't seem to mind... 
    strcpy(szSmallBuffer, "abc"); 
	// The next line prints * * * * * nine = 9, eight = 8, seven = 7, szSmallBuffer = 'abc'; not bad. The ending zero after 'abc' has disappeared.
    printf(format, arr[0], arr[1], arr[2], szSmallBuffer); 
    OverflowMyBuffer(szSmallBuffer);
	// The next line prints * * * * * nine = 1998597231, eight = 1684828783, seven = 33, szSmallBuffer = 'Hello, world!'
	// 33 is the ANSI code for '!'; suspicion arises...  
    printf(format, arr[0], arr[1], arr[2], szSmallBuffer); 
	// The next line prints: arr as a string: 'o, world!'
    printf("arr as a string: '%s'\n", arr); 
}

int _tmain(int argc, _TCHAR* argv[])
{
    printf("\n-----\nIn main, before test()\n-----\n");
    test();
    printf("\n-----\nIn main, after test()\n-----\n");
	return 0;
}