Memory confusion for strncpy in C

Problem description

This week one problem was discussed by my colleague regarding memory:

Sample code 1:

#include <stdio.h>
#include <string.h>

int main()
{
    #define Str "This is String."
    char dest[1];
    char buff[10];

    /* sizeof(Str) is 16 (15 characters plus the terminator), but dest holds
       a single byte: the copy overflows dest into neighbouring stack memory.
       This is the buffer overflow the question is about. */
    strncpy(dest, Str, sizeof(Str));
    printf("Dest: %s\n", dest);
    printf("Buff: %s\n", buff);   /* buff was never written by this code */
}

Output:

Dest: This is String.
Buff: his is String.

Sample code 2:

#include <stdio.h>
#include <string.h>

int main()
{
    #define Str "This is String."
    char dest[1];
    //char buff[10];

    /* Same 16-byte copy into a 1-byte buffer, now without buff beside it. */
    strncpy(dest, Str, sizeof(Str));
    printf("Dest: %s\n", dest);
    //printf("Buff: %s\n", buff);
}

Output:

Dest: This is String.
*** stack smashing detected ***: ./test terminated
Aborted (core dumped)

I am not understanding why I am getting that output in case 1? As buff is not even used in strncpy, and if I comment out variable buff it will give "stack smashing detected" but with output for dest. Also, for buff, why am I getting the output "his is String."?

Recommended answer

This is an interesting problem that we all wish to understand at some point or the other. The problem that occurs here is known as "Buffer Overflow". The side effects of this problem can vary from system to system (also referred to as undefined behavior). Just to explain to you what might be happening in your case, let's assume that the memory layout of the variables in your program is as below.

Note that the above representation is just for understanding and doesn't show the actual representation for any architecture. After the strncpy command is executed, the contents of this memory region are as below.

Now when you print buff you can see that the start address of buff now has 'h' in it. The printf starts printing from this character until it finds a null character, which is past the buff memory region. Hence you get 'his is String.' when you print buff. However, note that program 1 doesn't generate a stack smashing error because of the stack guard (which is system/implementation dependent). So if you execute this code on a system that doesn't include this, Program 1 will also crash (you can test this by increasing Str to a long string).

In the case of Program 2, the strncpy just goes past the stack guard, overwriting the return address from main, and hence you get a crash.

Hope this helps.

P.S. All of the above description is for understanding and doesn't show any actual system representation.
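The root cause above is that the copy length comes from the source (sizeof(Str)) instead of the destination. The following is an added example, not code from the question or the answer, showing a bounded copy that sizes the write by the destination capacity, terminates explicitly (strncpy does not when the source is at least as long as the limit), reports truncation, and leaves the neighbouring buffer from the question untouched; safe_copy, check_neighbour_intact and check_full_copy are names chosen here.

```c
#include <stdio.h>
#include <string.h>

#define Str "This is String."

/* Bounded copy: the limit is derived from the DESTINATION capacity, never
   from the source. strncpy leaves dst unterminated when src has dst_size-1
   or more characters, so the terminator is written explicitly.
   Returns 1 if src fit completely, 0 if it was truncated. */
int safe_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return 0;
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return strlen(src) < dst_size;
}

/* Same layout as the question: a 1-byte dest next to a 10-byte buff.
   Returns 1 if dest holds only the terminator and buff is untouched. */
int check_neighbour_intact(void)
{
    char dest[1];
    char buff[10] = "untouched";   /* constructed sentinel content */
    int fit = safe_copy(dest, sizeof dest, Str);
    return fit == 0 && dest[0] == '\0' && strcmp(buff, "untouched") == 0;
}

/* A destination sized for Str: no truncation, full copy. */
int check_full_copy(void)
{
    char dest[sizeof Str];
    int fit = safe_copy(dest, sizeof dest, Str);
    return fit == 1 && strcmp(dest, Str) == 0;
}

int main(void)
{
    char dest[1];
    if (!safe_copy(dest, sizeof dest, Str))
        printf("Dest: \"%s\" (truncated, %zu bytes needed)\n",
               dest, sizeof Str);
    printf("neighbour intact: %d, full copy: %d\n",
           check_neighbour_intact(), check_full_copy());
    return 0;
}
```

Compiling the original sample with the stack protector enabled (for example GCC's -fstack-protector) is what turns the silent overwrite of Program 1 into the "stack smashing detected" abort seen in Program 2.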
