为什么没有分段错误 [英] Why no segmentation fault

问题描述

我想知道为什么这个程序不会因分段崩溃

错误：


#include< malloc.h>

#include< string.h>

#include< stdio.h>

int main（）

{

char * array;


array =（char *）malloc（ 10 * sizeof（char））;

if（array == NULL）

exit（0）;


strcpy（数组，11223456789 \ 0;;


printf（" \ narray [11]：％c \ n"，array [11]）


返回0;

}


我在系统堆上为10个字符分配空间然后复制

a大小为12的字符串进入分配的空间。为什么程序没有？b $ b崩溃？

到目前为止我的理解是：

malloc在系统堆上请求一些新的可用空间。所以，首先咨询

程序内存管理器，检查它是否已被分配

操作系统的一些可用空间可能适用于

malloc请求。如果是，则使用此内存段。否则，

请求将被定向到提供一些新的可用内存的操作系统，现在已将
分配给此程序（进程）并用于malloc内存

分配。但是，当我调用strcpy（array，" 11223456789 \ 0"）时，我

将前10个字符写入分配的内存区域。

剩余的2个字符超出了我被授予访问权限的内存区域

和试图写入内存我没有写入权限。那个

非法内存访问应该被终止带有分段错误的

程序的操作系统注意到。


此外，我的printf也会导致程序崩溃，因为我非法尝试从内存中读取我无法访问的内容。


谢谢。

克里斯

Hi,

I''m wondering why this program does not crash with a segmentation
fault:

#include <malloc.h>
#include <string.h>
#include <stdio.h>

int main()
{
char *array;

array = (char*)malloc(10 * sizeof(char) );
if ( array == NULL )
exit( 0 );

strcpy( array, "11223456789\0");

printf( "\narray[11]: %c\n", array[11] )

return 0;
}

I allocate space for 10 characters on the system heap and then copy
a string of size 12 into the allocated space. Why does the program not
crash?
My understanding was so far:
malloc request some new free space on the system heap. So, first the
program memory manager is consulted to check if it is already assigned
some free space by the operating system that might be suitable for the
malloc request. If so, this memory segment is used. Otherwise, the
request is directed to the OS that provides some new free memory that
is now assigned to this program (process) and used for the malloc memory
allocation. However, when I call "strcpy( array, "11223456789\0")" I
write the first 10 characters to the allocated memory area.The
remaining 2 characters exceed the memory area I was granted access to
and are tried to be written to memory I have no write access to. That
illegal memory access should be noticed by the OS that terminates the
program with a segmentation fault.

Furthermore, my printf should also crash the program since I
illegally attempt to read from memory I have no access to.

Thank you.

Chris

推荐答案

2006-03-26，Christian Christmann< pl ***** @ yahoo &由Matchi.com提供回到GT;写道：

On 2006-03-26, Christian Christmann <pl*****@yahoo.de> wrote:

我想知道为什么这个程序没有崩溃的分段错误：

#include < malloc.h>
#include< string.h>
#include< stdio.h>

int main（）
{
char * array;

array =（char *）malloc（10 * sizeof（char））;
if（array == NULL）
exit（0）; < strcpy（array，" 11223456789 \0"）;

printf（" \ narray [11]：％c\ n"，array [11] ）

返回0;
}

Hi,

I''m wondering why this program does not crash with a segmentation
fault:

#include <malloc.h>
#include <string.h>
#include <stdio.h>

int main()
{
char *array;

array = (char*)malloc(10 * sizeof(char) );
if ( array == NULL )
exit( 0 );

strcpy( array, "11223456789\0");

printf( "\narray[11]: %c\n", array[11] )

return 0;
}

没有保证HW会抓住所有这些非法记忆

访问。在语言中没有（总是）运行时检查来检查

是否超出范围：它假定为C的效率之一

程序员将执行必要的操作边界检查。写在

非法我认为记忆是未定义的。但是肯定很糟糕

练习并且肯定会导致nasties在晚些时候出现在b / b
之后立即出现。


我认为通过

" malloc" ed区域引用一个存储单元是合法的，但我相信有人会提供更多信息。

There is no guarentee that HW will catch all such illegal memory
accesses. There are not (always) runtime checks in languages to check
for out of bounds : it is one of the efficiencies of C that it assumes
the programmer will do the necessary bounds checks. Writing over
"illegal" memory is, I believe, "undefined" but most certainly bad
practice and most certainly will lead to nasties cropping up at a
later date if nto immediately.

I velieve it is legal to reference one unit of storage past the
"malloc"ed area, but I''m sure someone will provide more info on that.

Christian Christmann写道：

Christian Christmann wrote:

我想知道为什么这个程序没有崩溃的分段
错误：

#include< malloc.h>


非标头。应该包括stdlib.h。

#include< string.h>
#include< stdio.h>

int main（）


一个更好的形式是int main（无效）

{
char * array;

array =（char *）malloc （10 * sizeof（char））;


不要施放malloc的返回值。以上

语句的更好形式是：

array = malloc（10 * sizeof * array）;


这也是有副作用，如果你改变基类型，

（char这里），你不必修改这个语句。

if（array == NULL）
exit（0）;


退出（EXIT_SUCCESS）;或者退出（EXIT_FAILURE）会更便携但是

零总是一个便携式返回值表示成功

终止。

strcpy（数组， " 11223456789 \0"）;

printf（" \ narray [11]：％c \ n"，array [11]）

返回0 ;


我在系统堆上为10个字符分配空间，然后将大小为12的字符串复制到分配的空间中。为什么程序没有崩溃？
我的理解到目前为止：
malloc在系统堆上请求一些新的可用空间。因此，首先咨询程序内存管理器，以检查操作系统是否已经分配了一些可能适合于malloc请求的可用空间。如果是，则使用此内存段。否则，
请求将被定向到提供一些新的可用内存的OS，该内存现在被分配给该程序（进程）并用于malloc内存分配。但是，当我调用strcpy（array，" 11223456789 \ 0"）时，我将前10个字符写入分配的内存区域。
剩余的2个字符超出了我被授予访问权限的内存区域，并且尝试写入内存我没有写入权限至。那个
非法内存访问应该被操作系统注意到，这个操作系统会因为分段错误而终止程序。

此外，我的printf也应该崩溃程序，因为我
非法尝试从内存中读取我无法访问。

Hi,

I''m wondering why this program does not crash with a segmentation
fault:

#include <malloc.h>
Non-standard header. Should include stdlib.h instead.
#include <string.h>
#include <stdio.h>

int main()
A better form is int main(void)
{
char *array;

array = (char*)malloc(10 * sizeof(char) );
Don''t cast the return value of malloc. A better form of the above
statement is:
array = malloc(10 * sizeof *array);

This also has the side effect that if you ever change the base type,
(char here), you won''t have to modify this statement.
if ( array == NULL )
exit( 0 );
exit(EXIT_SUCCESS); or exit(EXIT_FAILURE) would be more portable though
zero is always a portable return value to indicate successfull
termination.
strcpy( array, "11223456789\0");

printf( "\narray[11]: %c\n", array[11] )

return 0;
}

I allocate space for 10 characters on the system heap and then copy
a string of size 12 into the allocated space. Why does the program not
crash?
My understanding was so far:
malloc request some new free space on the system heap. So, first the
program memory manager is consulted to check if it is already assigned
some free space by the operating system that might be suitable for the
malloc request. If so, this memory segment is used. Otherwise, the
request is directed to the OS that provides some new free memory that
is now assigned to this program (process) and used for the malloc memory
allocation. However, when I call "strcpy( array, "11223456789\0")" I
write the first 10 characters to the allocated memory area.The
remaining 2 characters exceed the memory area I was granted access to
and are tried to be written to memory I have no write access to. That
illegal memory access should be noticed by the OS that terminates the
program with a segmentation fault.

Furthermore, my printf should also crash the program since I
illegally attempt to read from memory I have no access to.

您的程序写入数组末尾并执行此操作，调用

未定义的行为。它最终崩溃与否是

实现定义。无论如何，根据C

标准，任何事情都可能发生。它可能显然会继续正常运行，（例如你的

情况，这可能是因为，你的库内存管理器保留更多内存作为你的进程的一部分，并且它们是只是碰巧过去了你的分配块。）或者它可能会在以后行为不端或者直接转储核心

。


它无所谓。一旦你创建了未定义的行为，就可能发生任何事情。

Your program writes past the end of the array and doing so, invokes
undefined behaviour. Wether it eventually crashes or not is
implementation defined. In any case, anything can happen as per the C
standard. It might apparently continue running normally, (like your
case, which could be because, your library memory manager reserved more
memory as a part of your process, and that they just happen to lie past
your allocated chunk.), or it might misbehave later or dump core
immediately.

It doesn''t matter. Once you''ve created undefined behaviour, anything
might happen.

santosh写道：

santosh wrote:

您的程序写入数组的末尾并执行此操作，调用
未定义的行为。它最终崩溃与否是
实现定义。 [...]

Your program writes past the end of the array and doing so, invokes
undefined behaviour. Wether it eventually crashes or not is
implementation defined. [...]

< pedantry>


它甚至没有实现定义;实施

没有义务记录后果。未定义是

undefined，并且结束了'不是。


< / pedantry>


-

Eric Sosman
es ***** @ acm -dot-org.inva 盖子

这篇关于为什么没有分段错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！