malloc（）函数太小缓冲区 [英] Malloc() too small buffer

问题描述

我问这个问题，擦亮我的知识。我写了一个测试code以下的副本。

字符的大小* ptr1的是的malloc（1）。我复制3行5字。是总长度为32个字符。输出是很好的到来。我经历了code继续 strncat函数（）功能。它也似乎不分配为目的，复制额外的内存。另外，我不是在ptr1的字符指针的末尾添加任何空字符。

这怎么能产生正确的结果？那么这是正确的？

  INT主要（无效）
{
    的char *名称=首套
    字符* ptr1的;    ptr1的= malloc的（1）; //＆LT;＆LT; ==这里的内存分配唯一的1个字节
    joinWithMe（ptr1的，名）; //＆LT;＆LT; == 9个字节被复制
    的printf（PTR1：％S \\ n，ptr1的）;    joinWithMe（ptr1的， - 第二集）; //＆LT;＆LT; == 11个字节被复制
    的printf（PTR1：％S \\ n，ptr1的）;    joinWithMe（ptr1的， - 第三组）; //＆所述;＆下; == 10个字节被复制
    的printf（PTR1：％S \\ n，ptr1的）;    返回0;
}无效joinWithMe（字符*我的，为const char *他）
{
    strncat函数（我，他，strlen的（他））;
}
 

输出

  $ ./ctest
PTR1：首套
PTR1：第一套第二组
PTR1：第一套第二组，第三组
 

解决方案

它提供了正确的结果，因为你真的很幸运。在的malloc（）功能并不能使它的可能的访问内存，它找到的内存和储备你的许可的使用它与没有其他code有权限的承诺。可能访问它（如果知道附近的一个地址），在那里不管。如果缓冲区写入未经许可，结果是不确定的。

在这种不确定的情况下，如果超出了缓冲区的内存不可写，你可能会崩溃。如果它是可写的，但没有其他code正在使用它（这是很可能在当前的情况下），会出现没有任何问题已经奏效。如果其他一些code正在积极地使用该内存虽然，要么是code会扰乱你的，或者你的code与破坏，或者两者都有。该市场扰乱的结果是不确定的（因为它取决于什么code是做），意思是不确定的。

I am asking this question to polish my knowledge. I wrote a test code the copy of below.

The size of char *ptr1 is malloc(1). I copy 5 word on 3 lines. that are total of 32 chars in length. The output is coming nicely. I went through the code on strncat() function. it is also seems not allocating extra memory for copy purpose. also I am not adding any null character at the end of the ptr1 char pointer.

How this can produce right result? then this is correct?

int main(void)
{
    char *name = "First Set";
    char *ptr1;

    ptr1 = malloc(1); // <<== here the memory is allocated only 1 byte
    joinWithMe(ptr1, name); // <<== 9 bytes are copied
    printf("PTR1 : %s\n", ptr1);  

    joinWithMe(ptr1, "-Second Set"); // <<== 11 bytes are copied
    printf("PTR1 : %s\n", ptr1);

    joinWithMe(ptr1, "-Third Set");  // <<== 10 bytes are copied
    printf("PTR1 : %s\n", ptr1);

    return 0;
}

void joinWithMe(char *me, const char *him)
{
    strncat(me, him, strlen(him));
}

.

OUTPUT

$ ./ctest
PTR1 : First Set
PTR1 : First Set-Second Set
PTR1 : First Set-Second Set-Third Set

解决方案

It provides the "right" result because you got lucky. The malloc() function does not make it possible to access memory, it finds memory and reserves you permission to use it, with a promise that no other code has that permission. The possibility to access it (if one knows of a nearby address) is there regardless. If the buffer is written to without permission, the results are undefined.

In this undefined case, if the memory beyond the buffer is not writable, you'll probably crash. If it is writable but no other code is making use of it (which is likely in your current case), it will appear to have worked without any issue. If some other code is making active use of that memory though, either that code will disrupt yours, or your code with disrupt the other, or both. The outcome of that disruption is uncertain (since it depends on what the code is doing), meaning undefined.

这篇关于malloc（）函数太小缓冲区的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！