这段代码安全吗？ [英] is this code safe?

问题描述

请帮助检查以下代码是否安全。


void * dequeue（MSG_Q_ID q_ptr）

{

U32 msg_ptr = 0;


if（msgQReceive（（q_ptr），（char *）& msg_ptr，4,0 ）> = 0）

{

return（（void *）msg_ptr）;

}

返回NULL;

}


int main（无效）

{

//获取qid。 ...


MyType * my_ptr =（MyType *）dequeue（qid）;


//通过my_ptr处理已登记的msg ... 。

}


我认为在dequeue（）返回后，msg_ptr从

堆栈中解除分配，并且

my_ptr指向一些无效的内存空间。但似乎代码

工作

罚款。这是一个真正的问题吗？


谢谢，


Songling

Hi,

Please help to check if the following code is safe.

void* dequeue(MSG_Q_ID q_ptr)
{
U32 msg_ptr = 0;

if (msgQReceive((q_ptr), (char*) &msg_ptr, 4, 0) >=0)
{
return((void*) msg_ptr);
}
return NULL;
}

int main(void)
{
// get qid....

MyType *my_ptr = (MyType *) dequeue( qid);

// process dequeued msg through my_ptr....
}

I thought that after dequeue() returns, msg_ptr is deallocated from the
stack, and
my_ptr is pointing to some invalid memory space. But seems like the code
works
fine. So is this a real problem?

Thanks,

Songling

推荐答案

在文章< ch ********** @ zcars0v6.ca.nortel.com>，

Songling< ya ****** @ nortelnetworks .COM>写道：

In article <ch**********@zcars0v6.ca.nortel.com>,
Songling <ya******@nortelnetworks.com> wrote:

U32 msg_ptr = 0;

if（msgQReceive（（q_ptr），（char *）& msg_ptr，4,0）> = 0）
{
返回（（void *）msg_ptr）;
}


Bleah。据推测，U32是32位整数数据类型，msgQReceive

将4个字节的数据放入其中，实际上是一个指针。所以

这对实现做了很多假设。


但是假设它适合你的实现，你就回来了

msg_ptr的*值*。事实上，msg_pointer变量已经消失了，然后您将该值解释为指针：

MyType * my_ptr =（MyType *）dequeue（qid）;

U32 msg_ptr = 0;

if (msgQReceive((q_ptr), (char*) &msg_ptr, 4, 0) >=0)
{
return((void*) msg_ptr);
}
Bleah. Presumably U32 is a 32-bit integer datatype and msgQReceive
is putting 4 bytes of data into it, which are in fact a pointer. So
this is making lots of assumptions about the implementation.

But supposing it''s right for your implementation, you are returning
the *value* of msg_ptr. The fact the the msg_pointer variable is
gone, and that you then interpret the value as a pointer:
MyType *my_ptr = (MyType *) dequeue( qid);

并不重要。 my_ptr将指向msg_ptr指向的内容，而不是

到msg_ptr。


- Richard

is unimportant. my_ptr will point to what msg_ptr pointed to, not
to msg_ptr.

-- Richard

Songling写道：

Songling wrote:

请帮助检查以下代码是否安全。

void * dequeue（MSG_Q_ID q_ptr）
{
U32 msg_ptr = 0;

Hi,

Please help to check if the following code is safe.

void* dequeue(MSG_Q_ID q_ptr)
{
U32 msg_ptr = 0;

什么是U32。那是unsigned int吗？

在那种情况下，当然这是一个问题。

您需要查看您正在使用的编译器。


我写了一个小问题来研究这个问题。


#include< stdlib.h>


int * GetLocalAdd（）{

int a = 4;

return& a;

}


int main（）{

GetLocalAdd（）;


返回EXIT_SUCCESS;

}

C：\ temp> gcc -g -Wall -ansi -pedantic local.c

local.c：在函数`GetLocalAdd''：

local.c： 5：警告：函数返回局部变量的地址


C：\ temp> gcc --version

gcc（GCC）3.3.1（mingw special 20030804-1）

版权所有（C）2003 Free Software Foundation，Inc。

这是免费软件;查看复制条件的来源。没有

保修;甚至不适用于适销性或特定用途的适用性。

尝试为编译器设置警告设置。而且你应该能够b / b
能够发现这些错误。


-

Karthik。

What is U32. Is that unsigned int ?
In that case then of course it is a problem.
You need to look at the compiler that you are using.

I wrote a small problem to look into the problem.

#include <stdlib.h>

int * GetLocalAdd() {
int a = 4;
return &a;
}

int main() {
GetLocalAdd();

return EXIT_SUCCESS;
}
C:\temp>gcc -g -Wall -ansi -pedantic local.c
local.c: In function `GetLocalAdd'':
local.c:5: warning: function returns address of local variable

C:\temp>gcc --version
gcc (GCC) 3.3.1 (mingw special 20030804-1)
Copyright (C) 2003 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Try to set the warning setting for your compiler . And you should be
able to catch these errors.


--
Karthik.

>请帮助检查以下代码是否安全。

>Please help to check if the following code is safe.

void * dequeue（MSG_Q_ID q_ptr）
{
U32 msg_ptr = 0;


什么是U32？间谍飞机？无符号32位指针？你似乎像指针一样使用它。

if（msgQReceive（（q_ptr），（char *）& msg_ptr，4,0）> = 0 ）


你正在将指向U32的指针转换为指向char的指针。这是有问题的有效性的
，特别是如果U32是指向某事物的指针。


msg_ptr的内容是否应该由msgQReceive设置？

{
返回（（void *）msg_ptr）;
}
返回NULL;
}

int main（void ）
{获得qid ....

MyType * my_ptr =（MyType *）dequeue（qid）;

//处理通过my_ptr将msg队列出来....
}
我认为在dequeue（）返回后，msg_ptr从
堆栈中解除分配，


您将从dequeue（）返回msg_ptr的* COPY *。这不是问题

本身msg_ptr超出范围。


msg_ptr指向msgQReceive设置的东西。当

main（）得到它时，它仍然有效吗？我不知道。它可能与dequeue（）

得到它时一样有效，但无法确定。


和
my_ptr指向到一些无效的内存空间。


你怎么知道my_ptr指向的是什么？当dequeue（）返回时，它可能没有指向

自动变量释放，除非msgQReceive

将msg_ptr设置为指向ITSELF。

但似乎代码
有效


对于作品的定义是什么？这看起来像是一场灾难。

罚款。这是一个真正的问题吗？

void* dequeue(MSG_Q_ID q_ptr)
{
U32 msg_ptr = 0;
What''s a U32? A spy plane? An Unsigned 32-bit POINTER? You seem
to be using it like a pointer.
if (msgQReceive((q_ptr), (char*) &msg_ptr, 4, 0) >=0)
You''re casting a pointer-to-U32 into a pointer-to-char. This is
of questionable validity, especially if U32 is a pointer-to-something.

Is the contents of msg_ptr supposed to be set by msgQReceive?
{
return((void*) msg_ptr);
}
return NULL;
}

int main(void)
{
// get qid....

MyType *my_ptr = (MyType *) dequeue( qid);

// process dequeued msg through my_ptr....
}

I thought that after dequeue() returns, msg_ptr is deallocated from the
stack,
You are returning a *COPY* of msg_ptr from dequeue(). This is not a problem
by itself that msg_ptr goes out of scope.

msg_ptr points at something msgQReceive set it to. Is that still valid when
main() gets hold of it? I don''t know. It is likely as valid as when dequeue()
got hold of it, but no way to be sure.

and
my_ptr is pointing to some invalid memory space.
How do you know WHAT my_ptr is pointing at? It''s probably NOT pointing at
an auto variable deallocated when dequeue() returns, unless msgQReceive
sets msg_ptr to point at ITSELF.
But seems like the code
works
For what definition of "works"? It looks like a disaster to me.
fine. So is this a real problem?

请确定msg_ptr应该是什么类型。


Gordon L. Burditt

Please decide what type msg_ptr is supposed to be.

Gordon L. Burditt

这篇关于这段代码安全吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！