这段代码安全吗? [英] is this code safe?
问题描述
请帮助检查以下代码是否安全。
void * dequeue(MSG_Q_ID q_ptr)
{
U32 msg_ptr = 0;
if(msgQReceive((q_ptr),(char *)& msg_ptr,4,0 )> = 0)
{
return((void *)msg_ptr);
}
返回NULL;
}
int main(无效)
{
//获取qid。 ...
MyType * my_ptr =(MyType *)dequeue(qid);
//通过my_ptr处理已登记的msg ... 。
}
我认为在dequeue()返回后,msg_ptr从
堆栈中解除分配,并且
my_ptr指向一些无效的内存空间。但似乎代码
工作
罚款。这是一个真正的问题吗?
谢谢,
Songling
Hi,
Please help to check if the following code is safe.
void* dequeue(MSG_Q_ID q_ptr)
{
U32 msg_ptr = 0;
if (msgQReceive((q_ptr), (char*) &msg_ptr, 4, 0) >=0)
{
return((void*) msg_ptr);
}
return NULL;
}
int main(void)
{
// get qid....
MyType *my_ptr = (MyType *) dequeue( qid);
// process dequeued msg through my_ptr....
}
I thought that after dequeue() returns, msg_ptr is deallocated from the
stack, and
my_ptr is pointing to some invalid memory space. But seems like the code
works
fine. So is this a real problem?
Thanks,
Songling
推荐答案
在文章< ch ********** @ zcars0v6.ca.nortel.com>,
Songling< ya ****** @ nortelnetworks .COM>写道:
In article <ch**********@zcars0v6.ca.nortel.com>,
Songling <ya******@nortelnetworks.com> wrote:
U32 msg_ptr = 0;
if(msgQReceive((q_ptr),(char *)& msg_ptr,4,0)> = 0)
{
返回((void *)msg_ptr);
}
Bleah。据推测,U32是32位整数数据类型,msgQReceive
将4个字节的数据放入其中,实际上是一个指针。所以
这对实现做了很多假设。
但是假设它适合你的实现,你就回来了
msg_ptr的*值*。事实上,msg_pointer变量已经消失了,然后您将该值解释为指针:
MyType * my_ptr =(MyType *)dequeue(qid);
U32 msg_ptr = 0;
if (msgQReceive((q_ptr), (char*) &msg_ptr, 4, 0) >=0)
{
return((void*) msg_ptr);
}
Bleah. Presumably U32 is a 32-bit integer datatype and msgQReceive
is putting 4 bytes of data into it, which are in fact a pointer. So
this is making lots of assumptions about the implementation.
But supposing it''s right for your implementation, you are returning
the *value* of msg_ptr. The fact the the msg_pointer variable is
gone, and that you then interpret the value as a pointer:
MyType *my_ptr = (MyType *) dequeue( qid);
并不重要。 my_ptr将指向msg_ptr指向的内容,而不是
到msg_ptr。
- Richard
is unimportant. my_ptr will point to what msg_ptr pointed to, not
to msg_ptr.
-- Richard
Songling写道:
Songling wrote:
请帮助检查以下代码是否安全。
void * dequeue(MSG_Q_ID q_ptr)
{
U32 msg_ptr = 0;
Hi,
Please help to check if the following code is safe.
void* dequeue(MSG_Q_ID q_ptr)
{
U32 msg_ptr = 0;
什么是U32。那是unsigned int吗?
在那种情况下,当然这是一个问题。
您需要查看您正在使用的编译器。
我写了一个小问题来研究这个问题。
#include< stdlib.h>
int * GetLocalAdd(){
int a = 4;
return& a;
}
int main(){
GetLocalAdd();
返回EXIT_SUCCESS;
}
C:\ temp> gcc -g -Wall -ansi -pedantic local.c
local.c:在函数`GetLocalAdd'':
local.c: 5:警告:函数返回局部变量的地址
C:\ temp> gcc --version
gcc(GCC)3.3.1(mingw special 20030804-1)
版权所有(C)2003 Free Software Foundation,Inc。
这是免费软件;查看复制条件的来源。没有
保修;甚至不适用于适销性或特定用途的适用性。
尝试为编译器设置警告设置。而且你应该能够b / b
能够发现这些错误。
-
Karthik。
What is U32. Is that unsigned int ?
In that case then of course it is a problem.
You need to look at the compiler that you are using.
I wrote a small problem to look into the problem.
#include <stdlib.h>
int * GetLocalAdd() {
int a = 4;
return &a;
}
int main() {
GetLocalAdd();
return EXIT_SUCCESS;
}
C:\temp>gcc -g -Wall -ansi -pedantic local.c
local.c: In function `GetLocalAdd'':
local.c:5: warning: function returns address of local variable
C:\temp>gcc --version
gcc (GCC) 3.3.1 (mingw special 20030804-1)
Copyright (C) 2003 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Try to set the warning setting for your compiler . And you should be
able to catch these errors.
--
Karthik.
>请帮助检查以下代码是否安全。
>Please help to check if the following code is safe.
void * dequeue(MSG_Q_ID q_ptr)
{
U32 msg_ptr = 0;
什么是U32?间谍飞机?无符号32位指针?你似乎像指针一样使用它。
if(msgQReceive((q_ptr),(char *)& msg_ptr,4,0)> = 0 )
你正在将指向U32的指针转换为指向char的指针。这是有问题的有效性的
,特别是如果U32是指向某事物的指针。
msg_ptr的内容是否应该由msgQReceive设置?
{
返回((void *)msg_ptr);
}
返回NULL;
}
int main(void )
{获得qid ....
MyType * my_ptr =(MyType *)dequeue(qid);
//处理通过my_ptr将msg队列出来....
}
我认为在dequeue()返回后,msg_ptr从
堆栈中解除分配,
您将从dequeue()返回msg_ptr的* COPY *。这不是问题
本身msg_ptr超出范围。
msg_ptr指向msgQReceive设置的东西。当
main()得到它时,它仍然有效吗?我不知道。它可能与dequeue()
得到它时一样有效,但无法确定。
和
my_ptr指向到一些无效的内存空间。
你怎么知道my_ptr指向的是什么?当dequeue()返回时,它可能没有指向
自动变量释放,除非msgQReceive
将msg_ptr设置为指向ITSELF。
但似乎代码
有效
对于作品的定义是什么?这看起来像是一场灾难。
罚款。这是一个真正的问题吗?
void* dequeue(MSG_Q_ID q_ptr)
{
U32 msg_ptr = 0;
What''s a U32? A spy plane? An Unsigned 32-bit POINTER? You seem
to be using it like a pointer.
if (msgQReceive((q_ptr), (char*) &msg_ptr, 4, 0) >=0)
You''re casting a pointer-to-U32 into a pointer-to-char. This is
of questionable validity, especially if U32 is a pointer-to-something.
Is the contents of msg_ptr supposed to be set by msgQReceive?
{
return((void*) msg_ptr);
}
return NULL;
}
int main(void)
{
// get qid....
MyType *my_ptr = (MyType *) dequeue( qid);
// process dequeued msg through my_ptr....
}
I thought that after dequeue() returns, msg_ptr is deallocated from the
stack,
You are returning a *COPY* of msg_ptr from dequeue(). This is not a problem
by itself that msg_ptr goes out of scope.
msg_ptr points at something msgQReceive set it to. Is that still valid when
main() gets hold of it? I don''t know. It is likely as valid as when dequeue()
got hold of it, but no way to be sure.
and
my_ptr is pointing to some invalid memory space.
How do you know WHAT my_ptr is pointing at? It''s probably NOT pointing at
an auto variable deallocated when dequeue() returns, unless msgQReceive
sets msg_ptr to point at ITSELF.
But seems like the code
works
For what definition of "works"? It looks like a disaster to me.
fine. So is this a real problem?
请确定msg_ptr应该是什么类型。
Gordon L. Burditt
Please decide what type msg_ptr is supposed to be.
Gordon L. Burditt
这篇关于这段代码安全吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!