所以我有這個 for 回圈,我為指標陣列中的每個字串分配記憶體
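/* Allocate a 14-byte buffer for every slot of the pointer array. */
for (int i = 0; i < N; i++) {  /* i++ restored: without it the index never advances */
    /* The result of malloc is not checked in this variant, so ptr[i] may be NULL. */
    ptr[i] = malloc(14 * sizeof(char));
}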
如果我在 for 回圈內檢查 malloc 的回傳值,我的學校編譯器會給我一些錯誤
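/* Allocate a 14-byte buffer per slot and verify each allocation before moving on. */
for (int i = 0; i < N; i++) {  /* i++ restored: without it the index never advances */
    ptr[i] = malloc(14 * sizeof(char));
    if (!ptr[i]) {
        /* malloc returned NULL: report the failure and terminate the program. */
        fprintf(stderr, "Out of memory!\n");
        exit(-10);
    }
}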
如何在 for 回圈中正確檢查 malloc 的回傳值,以及記憶體是否實際分配?
代碼:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdbool.h>
#define N 2
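/*
 * Question listing: builds a two-entry menu on the heap, then reads words
 * from stdin until "pay" is entered and prints a price.
 *
 * The loop increments (i++) were lost in the posted text and are restored
 * here; everything else is kept as the asker wrote it, with review notes on
 * the lines the answers below discuss.
 */
int main(void) {
    char **ptr;

    /* Array of N string pointers; each element is allocated in the loop below. */
    ptr = (char **)malloc(N * (sizeof(char *)));
    if (!ptr) {
        fprintf(stderr, "Out of memory!\n");
        exit(-10);
    }

    char *hamburger = "hamburger";
    char *icecream = "icecream";

    for (int i = 0; i < N; i++) {
        ptr[i] = malloc(10 * sizeof(char));
        if (!ptr[i]) {
            fprintf(stderr, "Out of memory!\n");
            exit(-10);
        }
    }

    /*
     * "hamburger" is 9 characters plus the terminating NUL, so it fills the
     * 10-byte buffer exactly. strcpy does not know the destination size: any
     * longer source string would write past the end of the allocation.
     */
    strcpy(ptr[0], hamburger);
    strcpy(ptr[1], icecream);

    char *end = "pay";
    char input[80] = "";
    int price = 0;

    /*
     * NOTE(review): str_compare is not defined anywhere in this listing.
     * NOTE(review): the condition tests input before anything has been read.
     */
    while (!str_compare(input, end)) {
        /*
         * NOTE(review): "%s" carries no field width, so a word longer than
         * 79 characters overflows input[80]. The return value is ignored, so
         * end-of-file leaves input unchanged and the loop never terminates.
         */
        scanf("%s", input);
        if (str_compare(ptr[0], input))
            price = 150;
        if (str_compare(ptr[1], input))
            price = 40;
    }
    printf("Total price %d", price);

    /* Release each string first, then the pointer array itself. */
    for (int i = 0; i < N; i++) {
        free(ptr[i]);
    }
    free(ptr);

    ptr = NULL;
    hamburger = NULL;
    icecream = NULL;
    end = NULL;
    return 0;
}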
錯誤:D
================================================== ==================13==錯誤:AddressSanitizer:堆緩沖區溢位在地址 0x6020000000dd 上 pc 0x5637075280da bp 0x7ffc25536920 sp 0x7ffc255360c8 WRITE 00050000000080000000000008000000008000000000000000000000800800080007在 __interceptor_strcpy.part.0 (/work/main 0x380d9) #1 0x5637075c8836 在 main FINAL-FASTFOOD.c:69 #2 0x7fc505e0bcb1 在 __libc_start_main (/lib/x86_6c1bc.0x86_64-bcb1) 3 0x5637074f843d 在 _start (/work/main 0x843d)
0x6020000000dd is located 0 bytes to the right of 13-byte region [0x6020000000d0,0x6020000000dd) allocated by thread T0 here: #0 0x563707584d77 in malloc (/work/main 0x94d77) #1 0x5637075c85a7 in main FINAL-FASTFOOD.c:53 #2 0x7fc505e0bcb1 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6 0x28cb1)
SUMMARY: AddressSanitizer: heap-buffer-overflow (/work/main 0x380d9) in __interceptor_strcpy.part.0 Shadow bytes around the buggy address: 0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff8000: fa fa 00 05 fa fa 00 05 fa fa 00 05 fa fa 00 05 =>0x0c047fff8010: fa fa 00 05 fa fa 00 05 fa fa 00[05]fa fa fa fa 0x0c047fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd
Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order:
f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal:
fe Left alloca redzone: ca Right alloca redzone: cb
Shadow gap: cc ==13==ABORTING
uj5u.com熱心網友回復:
問題中的片段與完整程式不一致:片段中每個字串分配 14 位元組,而完整程式中是 10 位元組……您確定發布的代碼會發生錯誤嗎?(另外,AddressSanitizer 報告提到的是 13 位元組的區域,以及 FINAL-FASTFOOD.c 的第 53 和 69 行,與這兩段代碼都對不上。)
執行的分配看起來是正確的,但比較回圈不正確:您在實際讀取輸入之前就比較了 input。此外,您沒有告知 scanf() 最多可以存入 input 的位元組數,過長的輸入字會寫出緩衝區之外,導致未定義行為:這是攻擊者可以用來嘗試執行任意代碼的典型缺陷。
這是一個修改后的版本:
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define N 2
/**
 * Report whether two NUL-terminated strings have identical contents.
 *
 * @param s1 first string to compare
 * @param s2 second string to compare
 * @return true when strcmp() finds no difference, false otherwise
 */
bool str_compare(const char *s1, const char *s2) {
    const int diff = strcmp(s1, s2);

    return diff == 0;
}
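/*
 * Revised listing: builds a two-entry menu on the heap, then reads words
 * from stdin until "pay" or end of input, and prints the resulting price.
 *
 * Returns 0 on success; exits with status -10 if any allocation fails.
 */
int main(void) {
    char **ptr;

    /* Array of N string pointers; no cast is needed on malloc's result in C. */
    ptr = malloc(N * (sizeof(char *)));
    if (!ptr) {
        fprintf(stderr, "Out of memory!\n");
        exit(-10);
    }

    const char *hamburger = "hamburger";
    const char *icecream = "icecream";

    /* The i++ increment was missing in the posted text; the loop needs it to advance. */
    for (int i = 0; i < N; i++) {
        ptr[i] = malloc(10 * sizeof(char));
        if (!ptr[i]) {
            fprintf(stderr, "Out of memory!\n");
            exit(-10);
        }
    }

    /*
     * "hamburger" is 9 characters plus the terminating NUL, so it fills the
     * 10-byte buffer exactly. strcpy does not know the destination size: a
     * longer item name requires a larger allocation first.
     */
    strcpy(ptr[0], hamburger);
    strcpy(ptr[1], icecream);

    const char *end = "pay";
    char input[80];
    int price = 0;

    /*
     * "%79s" limits scanf to 79 characters plus the NUL, which is exactly
     * sizeof input. (The posted text showed "ys", which contains no
     * conversion at all, so scanf could never return 1.) Checking for == 1
     * stops the loop on end-of-file or a read error, and input is only
     * compared after it has been filled.
     */
    while (scanf("%79s", input) == 1 && !str_compare(input, end)) {
        /* NOTE(review): price is overwritten, not accumulated; confirm this is intended. */
        if (str_compare(ptr[0], input))
            price = 150;
        else if (str_compare(ptr[1], input))
            price = 40;
        else
            printf("unknown item: %s\n", input);
    }
    printf("Total price %d\n", price);

    /* Release each string first, then the pointer array itself. */
    for (int i = 0; i < N; i++) {
        free(ptr[i]);
    }
    free(ptr);
    return 0;
}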
uj5u.com熱心網友回復:
您分配了 2 個 char 指標,但 for 回圈分配了 3 次。最後一次分配記憶體時發生了緩衝區溢位,因為您沒有分配 3 個 char 指標。
嘗試像這樣改變 for 回圈:
for (int i = 0; i <= N; i++)
(注意:以問題中貼出的代碼而言,條件 i < N 在 N 為 2 時只會執行兩次;改成 i <= N 反而會寫入 ptr[N],超出只有 N 個元素的指標陣列範圍。)
