NetBSD-Users archive
Buffer Overflow - fvwrite.c and fread.c sources
Hi All,
I am just 3 months old to Linux and C programming.
Recently started investigating on Buffer overflow issues with fvwrite.c and
fread.c sources. Present in lib/libc/stdio/* folder.
Here's my investigation:-
{
There is a memcpy function.
1. at line 81 in fread.c -
(void)memcpy((void *)p, (void *)fp->_p, (size_t)r);
2. and at line 168 in fvwrite.c, after expanding the COPY macro.
To understand these, FILE structure knowhow is required and its various
contents as defined in the file stdio.h like _p, _r, _flags etc.
I have written a sample code to find out the contents of the FILE structure.
It opens a sample file (by FILE *fp), does some read/write operations on
it, and at the end prints the
fp->_p, fp->_r etc. contents.
}
Code:
    #include <stdio.h>
    #include <string.h>

    int main()
    {
        int *i, j;
        size_t n;
        const char *buf;
        unsigned char *t;
        FILE *fp;

        fp = fopen("test.txt", "r+");
        if (fp == NULL) {   /* "r+" needs test.txt to exist already */
            perror("fopen");
            return 1;
        }
        buf = "This is Test String , This is Test String\n";

        n = fwrite(buf, 1, 10, fp);
        /* direct access to FILE internals: the lines gcc rejects below */
        if (fp->_p)
            printf(" Its not null");
        //i = (int *)memcpy((void *)t, (const void *)buf, (size_t)(10)) ;
        j = (int)fp->_r;
        t = fp->_p;

        printf("j = %d , t = %p \n", j, (void *)t);  /* %p for a pointer */
        fclose(fp);
        return 0;
    }
This will give error with gcc:
    In function ‘main’:
    error: ‘FILE’ has no member named ‘_p’
    error: ‘FILE’ has no member named ‘_r’
I am using fwrite because it internally calls __sfvwrite function which is
inside fvwrite.c source.
Similarly is the case with fread.c source.!!
I understand that the contents of FILE structure are implementation defined.
I am having 32bit unix system, x86 processor.
How do I know the contents of FILE structure?
Any idea?
Thanks,
Nikunj
Bangalore, India
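
The bounded copy that the post points to at line 81 of fread.c, modelled as an added example that is not part of the original post and is not NetBSD's source. Only the field names `_p` and `_r` come from the post; `struct toy_file`, `toy_open`, `toy_refill`, `toy_read` and the sample data are hypothetical, and the model avoids the real `FILE` so it compiles against any libc.

```c
#include <stdio.h>
#include <string.h>
/* Toy model of the two FILE fields named in the post; src, left, buf are hypothetical. */
struct toy_file {
    unsigned char *_p;        /* next unread byte in the stream buffer */
    int _r;                   /* unread bytes left in the stream buffer */
    const unsigned char *src; /* constructed in-memory "file" contents */
    size_t left;              /* bytes of src not yet buffered */
    unsigned char buf[8];     /* deliberately small stream buffer */
};

void toy_open(struct toy_file *fp, const void *data, size_t len)
{
    fp->src = data; fp->left = len; fp->_p = fp->buf; fp->_r = 0;
}

/* Refill the stream buffer; returns nonzero at end of input. */
static int toy_refill(struct toy_file *fp)
{
    size_t n = fp->left < sizeof fp->buf ? fp->left : sizeof fp->buf;
    if (n == 0) return 1;
    memcpy(fp->buf, fp->src, n);
    fp->src += n; fp->left -= n;
    fp->_p = fp->buf; fp->_r = (int)n;
    return 0;
}

/* Each memcpy length is min(bytes still wanted, bytes buffered): no overrun on either side. */
size_t toy_read(struct toy_file *fp, unsigned char *dst, size_t want)
{
    size_t resid = want, r;
    while (resid > (r = (size_t)fp->_r)) {
        memcpy(dst, fp->_p, r);          /* r < resid: fits in dst */
        fp->_p += r; dst += r; resid -= r; fp->_r = 0;
        if (toy_refill(fp)) return want - resid;   /* short read at EOF */
    }
    memcpy(dst, fp->_p, resid);          /* resid <= _r: inside buf */
    fp->_p += resid; fp->_r -= (int)resid;
    return want;
}

int main(void)
{
    struct toy_file f; unsigned char out[16];
    toy_open(&f, "0123456789ABCDEFGHIJ", 20);   /* constructed sample data */
    size_t n = toy_read(&f, out, 12);
    printf("read %zu, _r now %d\n", n, f._r);
    return 0;
}
```

The copy is only as safe as the caller's claim about `want`: if the destination is smaller than the requested length, the same loop writes past it.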