A few problems there:
- You only reserve 27 bytes at `exec` but you need 28 so you overwrite the start of `buffer`. What you are seeing in `gdb` is part of your `exec` block followed by the `buffer`. Notice you have 3 `D` placeholders left, but you will write 4 more bytes. This is the main issue.
- You pass the message length into the `read` syscall. Not a terrible problem but limits input to 17 bytes while you have space for 128.
- The `read` system call returns the line feed, but doesn't null terminate the string. Depending on memory layout, you might get lucky with a following zero byte and the line feed is ignored by the shell. For safety you should replace the `\n` with a 0 yourself.
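
The second and third points, shown in C as an added example (not part of the original answer and not the asker's assembly): `read` is given the buffer capacity rather than the prompt length, and the trailing line feed is replaced with a 0. The names `read_line`, `demo` and `BUF_SIZE` are hypothetical, and the input is constructed and fed through a pipe.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define BUF_SIZE 128 /* the answer says there is space for 128 bytes */

/* Read one line from fd into buf (capacity cap) and turn it into a C string.
 * Returns the string length, or -1 on error or end of input. */
ssize_t read_line(int fd, char *buf, size_t cap)
{
    if (cap == 0)
        return -1;
    /* Pass the buffer capacity (minus one byte for the terminator), not the prompt length. */
    ssize_t n = read(fd, buf, cap - 1);
    if (n <= 0)
        return -1;
    /* read() stores the line feed and adds no terminator, so overwrite it with 0. */
    if (buf[n - 1] == '\n')
        n--;
    buf[n] = '\0';
    return n;
}

/* Constructed demo: send input through a pipe into a buffer pre-filled with
 * 'D' placeholders, so no lucky zero byte follows the data. out holds BUF_SIZE bytes. */
ssize_t demo(const char *input, char *out)
{
    int fds[2];
    size_t len = strlen(input);
    if (pipe(fds) != 0)
        return -1;
    ssize_t w = write(fds[1], input, len);
    close(fds[1]);
    memset(out, 'D', BUF_SIZE);
    ssize_t n = (w == (ssize_t)len) ? read_line(fds[0], out, BUF_SIZE) : -1;
    close(fds[0]);
    return n;
}

int main(void)
{
    char buf[BUF_SIZE];
    ssize_t n = demo("/bin/ls\n", buf); /* constructed sample input */
    printf("%zd [%s]\n", n, n < 0 ? "" : buf);
    return 0;
}
```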