Checking your assumptions:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
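/*
 * Build the string "./search '" + 300 x 'A' + "'" in a zeroed 400-byte heap
 * buffer, then dump the whole buffer as run-length records so the layout can
 * be checked byte by byte.
 *
 * Each record is "<start offset> <run length> x <byte value> '<char>'".
 * Returns 0 on success, 1 if the buffer cannot be allocated.
 */
int main(int argc, char *argv[]) {
    enum { COMMAND_SIZE = 400, FILL_COUNT = 300 };

    (void)argc;
    (void)argv;

    /* calloc hands back zeroed memory, replacing the malloc + bzero pair. */
    char *command = calloc(COMMAND_SIZE, 1);
    if (command == NULL) {
        perror("calloc");
        return 1;
    }

    /*
     * strcpy/strcat do no bounds checking. They are safe here only because
     * 10 prefix bytes + FILL_COUNT + 1 closing quote + NUL fit in
     * COMMAND_SIZE; re-check that sum whenever either constant changes.
     */
    strcpy(command, "./search \'");
    char *buffer = command + strlen(command);
    memset(buffer, 0x41, FILL_COUNT);
    /*
     * memset writes no terminator: strcat finds the end of the 'A' run only
     * because the rest of the buffer is still zero from the allocation.
     */
    strcat(command, "\'");

    int last = -1; /* value of the previous byte; -1 before the first one */
    int n = 0;     /* length of the run currently being counted */
    for (int i = 0; i < COMMAND_SIZE; i++) {
        if (n && command[i] != last) {
            /* Byte changed: report the run that just ended, start a new one. */
            printf("%d %d x %02x '%c'\n", i - n, n, last, last);
            n = 1;
        } else {
            n++;
        }
        last = command[i];
    }
    /*
     * Report the final run, which the loop never closes. The value is
     * printed with %d here (the loop uses %02x); kept so the output format
     * stays the same.
     */
    printf("%d %d x %d '%c'\n", COMMAND_SIZE - n, n, last, last);

    free(command);
    return 0;
}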
Produces this output:
0 1 x 2e '.'
1 1 x 2f '/'
2 1 x 73 's'
3 1 x 65 'e'
4 1 x 61 'a'
5 1 x 72 'r'
6 1 x 63 'c'
7 1 x 68 'h'
8 1 x 20 ' '
9 1 x 27 '''
10 300 x 41 'A'
310 1 x 27 '''
311 89 x 0 ''
This looks right, and doesn't agree with the diagnosis in the question. So either gdb is broken, or you're looking at the bytes after they are freed.