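#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * target1: a deliberately vulnerable stack-smashing exercise.
 *
 * The program copies argv[1] into a fixed-size stack buffer with strcpy(),
 * which performs no bounds check. An argument longer than the buffer
 * overruns foo()'s local array and, on the usual downward-growing stack,
 * runs into the saved frame pointer and return address stored above it.
 * The lack of hardening is the point of the exercise; do not reuse this
 * code outside it. (Whether the overwrite actually reaches the return
 * address depends on the build: stack protector, PIE, ASLR and the
 * compiler's frame layout all matter -- confirm the build flags used.)
 */

/*
 * Copy the NUL-terminated string `arg` into `out`.
 *
 * arg: source string; must be NUL-terminated.
 * out: destination buffer; its size is NOT known here and NOT checked.
 * Returns 0 unconditionally.
 */
int bar(char *arg, char *out)
{
    /*
     * Intentionally unbounded: strcpy() stops only at arg's terminator, so
     * an `arg` longer than `out` writes past its end. This is the defect
     * under study. A real program would pass the destination size and use a
     * length-aware copy, e.g. snprintf(out, out_len, "%s", arg).
     */
    strcpy(out, arg);
    return 0;
}

/*
 * Place a 256-byte buffer on the stack and fill it from argv[1] via bar().
 *
 * On a downward-growing stack `buf` sits at a lower address than foo()'s
 * saved return address, so bytes written past buf[255] run toward, and can
 * overwrite, that return address. That is what lets an oversized argument
 * redirect control when foo() returns.
 */
void foo(char *argv[])
{
    char buf[256];  /* the buffer the overflow targets; no bound is enforced */

    bar(argv[1], buf);
}

/*
 * Entry point: require exactly one argument and hand argv to foo().
 *
 * Exits with EXIT_FAILURE and a message on stderr if the argument count is
 * wrong; otherwise returns 0 (assuming foo() returns normally).
 */
int main(int argc, char *argv[])
{
    if (argc != 2) {
        fprintf(stderr, "target1: argc != 2\n");
        exit(EXIT_FAILURE);
    }

    /* argv[1] is attacker-controlled input; nothing here limits its length. */
    foo(argv);
    return 0;
}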