(-1> = sizeof(buffer))怎么可能是正确的?程序无法获得正确的比较结果 [英] How can (-1 >= sizeof(buffer)) ever be true? Program fail to get right results of comparison

问题描述

程序会遇到无法执行的例程，其中 if(len> = sizeof(buff))在现实中永远不应该是真实的，但是会发生.如 printf 输出 len:-1__1024 所示: len 的值是-1，大于 sizeof(buff)，它是1024.太神奇了.

The program runs into impossible execution routine, where if( len >= sizeof(buff) ) should never be true in reality, however it happens. As is shown by the printf output len:-1__1024: len, whose value is -1, is larger than sizeof(buff), which is 1024. It's amazing.

select return value -1 ,4
select: Interrupted system call
-1_0x66a1e0
len:-1__1024  
*** glibc detected *** /home/fang/Desktop/work/fw: free(): invalid pointer: 0x000000000066a1e0 ***

以下是执行代码.

while (1) {
        if( len >= sizeof(buff) ) {   //here len==-1, sizeof(buff)==1024
            printf("len:%d__%d  %s\n", len, sizeof(buff), tmp1); //oops
            free(tmp1);
            tmp1 = buff;
        }
        len = get_next_event(&tmp1, sizeof(buff));
        printf("%d_%p\n",len, tmp1);
        if( len > 0 ){
            tmp = strtok_r(tmp1, "\n\r", &saveptr);
            // ignore following codes ......

我认为该错误是由堆栈污染引起的，但是很难找到秘密.为了进一步说明，我列出了功能 get_next_event 的代码.希望您的帮助^ _ ^

I think the bug is resulted from the stack pollution, but it's hard to find out the secret. To mention more, I list the code of function get_next_event. Wish for your help ^_^

int get_next_event(char **buf, int len)
{
    struct timeval tv;
    int tmp;
    socklen_t sin_size;
    struct sockaddr_in client_addr; 

    sin_size = sizeof(client_addr);
    FD_ZERO(&fdsr);
    FD_SET(sock_fd, &fdsr);
    tv.tv_sec = 1;
    tv.tv_usec = 0;
    if (new_fd != 0) {
       FD_SET(new_fd, &fdsr);
    }

    tmp = select(maxsock + 1, &fdsr, NULL, NULL, &tv);
    if (tmp < 0) {
       printf("select return value %d ,%d\n", tmp, errno);
       perror("select");
       return -1;
    } else if (tmp == 0) {
       return 0;
    }

推荐答案

-1，大于sizeof(buff).太神奇了.

-1, is larger than sizeof(buff). It's amazing.

是的.

len> = sizeof(buff)与 -1相同> = sizeof(buff)与(size_t)-1>相同= sizeof(buff)-> SIZE_MAX> = sizeof(buff)->当然是正确的.

len >= sizeof(buff) is the same as -1 >= sizeof(buff) same as (size_t)-1 >= sizeof(buff) --> SIZE_MAX >= sizeof(buff) --> which is certainly true.

将类似 len 的 int 与 unsigned 类型的 size_t 进行比较时，的结果sizeof ，其中一种会根据范围更广而转换为另一种.

When an int like len is compared to the unsigned type size_t, the result of sizeof, one of the types is converted to the other based on which have a wider range.

在这种情况下，通常是 int 转换为 unsigned size_t .(size_t)-1 是 size_t 的最大值，并且肯定大于 sizeof(buff).

In this case, it is usually the int converts to the unsigned size_t. (size_t)-1 is the greatest value of size_t and is certainly larger than sizeof(buff).

不清楚为什么 len == -1 却看不到更多代码.

It is unclear why len == -1 without seeing more code.

在这种情况下，我建议使用 size_t len = 0 来修补代码.

Yet in this case, I'd recommend to use size_t len = 0 to mend code.

打印时，使用匹配的打印说明符，例如％zu"

When printing, use the a matching print specifier like "%zu"

printf("size:%zu\n", sizeof buff);

OP的代码缺少警告，带有 printf(％d \ n"，sizeof(buff)); 表示警告未完全启用.省时间.启用所有警告.

OP's code, lacking a warning, with printf("%d\n", sizeof(buff)); implies warnings are not fully enabled. Save time. Enable all warnings.

这篇关于(-1> = sizeof(buffer))怎么可能是正确的?程序无法获得正确的比较结果的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！