为什么这个程序没有崩溃 [英] why this program is not crashing

问题描述

你好，

我认为以下代码在运行时会崩溃

*（argv + 1）=" 1234567890"和*（argv + 2）=" 1234567890" 。


int main（int argc，char ** argv）

{

char buf1 [5];

char buf2 [5];

char buf3 [5];

strncpy（buf2，*（argv + 1），sizeof（buf2））;

strncpy（buf3，*（argv + 2），sizeof（buf3））;

sprintf（buf1，"％s"，buf2）;

返回0;

}


buf2的最后一个元素不是NULL。因此sprintf应该复制

" ; 1234512345"

到buf1哪个应该导致分段错误。但是，这是

不是这样的，程序运行正常。可以请任何人

指出我的错误。


谢谢

hello,
In my opinion the following code should crash when run with
*(argv+1)="1234567890" and *(argv+2)="1234567890" .

int main(int argc,char **argv)
{
char buf1[5];
char buf2[5];
char buf3[5];
strncpy(buf2,*(argv+1),sizeof(buf2));
strncpy(buf3,*(argv+2),sizeof(buf3));
sprintf(buf1,"%s",buf2);
return 0;
}

The last element of buf2 is not NULL.Therefore sprintf should copy
"1234512345"
to buf1 and which should result in segmentation fault.However,this is
not the case and the program is running normally.Can anybody please
pin-point my error.

Thanks

推荐答案

gh **** @ yahoo.com 写道：

gh****@yahoo.com writes:

在我看来，下面的代码应该是使用
*（argv + 1）=" 1234567890"运行时崩溃和*（argv + 2）=" 1234567890" 。


您似乎是我在这里发现的一类新手之一

偶尔，谁认为*（a + b）与
a [b]。那不是真的，前者只是让它看起来好像你不知道你在做什么。

int main（int argc， char ** argv）
{char buf1 [5];
char buf2 [5];
char buf3 [5];
strncpy（buf2，*（ argv + 1），sizeof（buf2））;
strncpy（buf3，*（argv + 2），sizeof（buf3））;
sprintf（buf1，"％s"，buf2）;
返回0;
}

buf2的最后一个元素不是NULL。


当然不是 - 它不是指针。正确的术语是

" null terminator"，而不是NULL。后者总是指一个

指针。

因此sprintf应该复制1234512345。到buf1和哪个
应该导致分段错误。但是，这不是
情况，程序正常运行。任何人都可以指出我的错误。

In my opinion the following code should crash when run with
*(argv+1)="1234567890" and *(argv+2)="1234567890" .
You seem to be one of a class of newbies I spot here
occasionally, who think that *(a+b) is somehow different from
a[b]. That''s not true, and the former just makes it look like
you don''t know what you''re doing.
int main(int argc,char **argv)
{
char buf1[5];
char buf2[5];
char buf3[5];
strncpy(buf2,*(argv+1),sizeof(buf2));
strncpy(buf3,*(argv+2),sizeof(buf3));
sprintf(buf1,"%s",buf2);
return 0;
}

The last element of buf2 is not NULL.
Of course not--it''s not a pointer. The proper terminology is
"null terminator", not NULL. The latter always refers to a
pointer.
Therefore sprintf should copy "1234512345" to buf1 and which
should result in segmentation fault.However,this is not the
case and the program is running normally.Can anybody please
pin-point my error.

这里有两个错误。首先是你假设

buf2 []和buf3 []是连续存储的，所以在buf2 []结束时读取或

会给你一个开头

buf3 []。这是不能保证的，许多实现都不会产生这种行为。


第二个错误是你假设访问超出了结束

的buf3 []会产生分段错误。语言确实没有保证.b $ b不保证。实际上，它并没有在

所有的保证：行为是正式的未定义，这意味着任何事情都可以发生。/ br
允许发生。

-

我应该杀死你，你站在哪里，毫无价值的人。 --Kaz

There are two errors here. The first is your assumption that
buf2[] and buf3[] are stored contiguously, so that reading or
writing past the end of buf2[] will give you the beginning of
buf3[]. This is not guaranteed and many implementations will not
yield this behavior.

The second error is your assumption that accessing beyond the end
of buf3[] should produce a segmentation fault. The language does
not guarantee that. In fact, it does not make any guarantees at
all: the behavior is formally "undefined", meaning that anything
at all is allowed to happen.
--
"I should killfile you where you stand, worthless human." --Kaz

gh****@yahoo.com 已写：

gh****@yahoo.com wrote:

在我看来，以下代码在运行时会崩溃
*（argv + 1）=" 1234567890"和*（argv + 2）=" 1234567890" 。


可以，但不能保证。

int main（int argc，char ** argv）
{
char buf1 [5];
char buf2 [5];
char buf3 [5];
strncpy（buf2，*（argv + 1），sizeof（buf2））;
strncpy（buf3，*（argv + 2），sizeof（buf3））;
sprintf（buf1，"％s"，buf2）;
返回0;
}

buf2的最后一个元素不是NULL。因此sprintf应该复制
" 1234512345"

In my opinion the following code should crash when run with
*(argv+1)="1234567890" and *(argv+2)="1234567890" .
It could, but there''s no guarantee.
int main(int argc,char **argv)
{
char buf1[5];
char buf2[5];
char buf3[5];
strncpy(buf2,*(argv+1),sizeof(buf2));
strncpy(buf3,*(argv+2),sizeof(buf3));
sprintf(buf1,"%s",buf2);
return 0;
}

The last element of buf2 is not NULL.Therefore sprintf should copy
"1234512345"

buf2的最后一个元素永远不会NULL，因为NULL是一个空指针

常量而buf2是一个char数组。你的意思是它不是空的

（即不是零字符），或者不是NUL（ASCII字符0）。


没有，它不是;因此，您的程序会调用undefined

行为，并且可以随心所欲地执行任何操作。这_could_意味着崩溃;

它也可能意味着忽略任何不适合缓冲区的东西;它可以

也意味着除了buf1和

之外的任何记忆都会继续存在。如果发生什么事情，最后一个选项特别令人讨厌
超出buf1的
是一个返回地址，或者是一个完全不相关的变量，然后你使用的是
。从理论上讲，调用未定义的行为甚至可能导致计算机混乱，以至于它写下你的辞职信件并将其发送给你的CEO。


顺便说一句，即使你假设（不一定正确，但它是可能性之一）这种特殊的未定义行为

导致欢快地尝试继续从

源数组的末尾开始复制，_and_你的三个阵列在

内存中彼此相邻，我仍然不喜欢不明白为什么会尝试复制1234512345。你用buf2与buf3有
有相同的错误;它可能会更多地（试图）复制1234512345一些随机绒毛，而b / b
恰好在buf3之外的堆栈上，可能包括你的回归

地址。"。

尽管如此，碰撞仍然难以保证。未定义的行为

正是如此：未定义。


Richard

The last element of buf2 is never NULL, because NULL is a null pointer
constant and buf2 is an array of char. You mean that it''s not null
(i.e., not a zero character), or not NUL (the ASCII character 0).

And no, it isn''t; and therefore your program invokes undefined
behaviour, and may do whatever it pleases. This _could_ mean crashing;
it could also mean ignore whatever does not fit in the buffer; it could
also mean blot over whatever memory happens to lie beyond buf1 and
continue. The last option is particularly nasty if what happens to lie
beyond buf1 is a return address, or a totally unrelated variable which
you then use. In theory, invoking undefined behaviour could even result
in confusing the computer so badly that it writes your resignation
letter and emails it to your CEO.

BTW, even if you do assume (not necessarily correctly, but it''s one of
the possibilities) that this particular kind of undefined behaviour
results in merrily trying to continue copying from beyond the end of the
source array, _and_ that your three arrays lie next to one another in
memory, I still don''t see why that would try to copy "1234512345". You
have the same error with buf3 that you have with buf2; it would be more
likely that it would (try to) copy "1234512345Some random fluff that
happens to be on the stack beyond buf3, possibly including your return
address.".
Even then, the crash is hardly guaranteed, though. Undefined behaviour
is exactly that: undefined.

Richard

gh **** @ yahoo.com 写道：

你好，
在我看来，以下运行时代码应该崩溃
*（argv + 1）=" 1234567890"和*（argv + 2）=" 1234567890" 。


当我使用microsoft visual c 7来运行它时崩溃了（int argc，char ** argv）
{charlo buf1 [ 5];
char buf2 [5];
char buf3 [5];
strncpy（buf2，*（argv + 1），sizeof（buf2））;
strncpy（ buf3，*（argv + 2），sizeof（buf3））;
sprintf（buf1，"％s"，buf2）;
返回0;
}

buf2的最后一个元素不是NULL。因此sprintf应该复制
1234512345
到buf1，这应该导致分段错误。但是，这不是这种情况，而且程序运行正常。任何人都可以请指出我的错误。

谢谢

hello,
In my opinion the following code should crash when run with
*(argv+1)="1234567890" and *(argv+2)="1234567890" .
It crashed when i ran this with microsoft visual c 7
int main(int argc,char **argv)
{
char buf1[5];
char buf2[5];
char buf3[5];
strncpy(buf2,*(argv+1),sizeof(buf2));
strncpy(buf3,*(argv+2),sizeof(buf3));
sprintf(buf1,"%s",buf2);
return 0;
}

The last element of buf2 is not NULL.Therefore sprintf should copy
"1234512345"
to buf1 and which should result in segmentation fault.However,this is
not the case and the program is running normally.Can anybody please
pin-point my error.

Thanks

buf1，buf2和buf3存储在堆栈中，所以将指针递增到buf2

转向buf1而不是buf3.如果它们是全局的那么它就像你要说的那样。


buf1，buf2 buf3有填充，使它们从地址开始可分开

by 4.so most p可能是3个字节的填充。其中一个可能是零偶然

这可能就是为什么它在你的系统中没有崩溃的原因。

buf1,buf2 and buf3 are stored in stack,so incrementing pointer to buf2
goes towards buf1 not buf3.if they were global then it will be as you
say.

buf1,buf2 buf3 have padding to make them start in addresses divisible
by 4.so most possibly 3 bytes padding.one of them may be zero by chance
that may be why it didn''t crash in your system.

这篇关于为什么这个程序没有崩溃的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！