小贝子编程

为什么我得到堆缓冲区溢出在这个C代码?


#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <fcntl.h>
char *get_next_line(int fd);
int main (void)
{
int i = 0;
char *s;
int fd;
fd = open("./text", O_RDONLY);
s = get_next_line (fd);
}
char *get_next_line(int fd)
{
char    *buf;
char    c;
int     nread;
int     cnt;

if (fd < 0 || BUFFER_SIZE < 1)
return (NULL);
buf = (char*)malloc(BUFFER_SIZE + 1);
if (!buf)
return (NULL);
while(nread = (read(fd, &c, 1)) > 0)
{
*buf = c;
buf++;
cnt++;
if (c == 'n')
break;
}
if (nread < 0)
return (NULL);
*buf = 'n';
printf("%sn", buf);
return (buf - cnt - 1);
}

当我编译没有标志时,我只得到两个空行。使用-fsanitize=address编译,我知道heap-buffer-overflow发生在printf("%sn", buf);

但是我不知道为什么会这样。我尝试STDIN来修复它,但没有工作。有人能帮我检查一下吗?

  1. 您不能用null字符终止buf

    *buf = 'n';
*buf = '';

    确保你储备空间null字符而分配内存buf

  2. 如果读取的字节数小于0,则释放内存

    if (nread < 0) {
return (NULL);
} 


    if (nread < 0)  {
free(startAddress);
return (NULL);
}

  3. 您可以使用临时指针来保存buf的起始地址,而不是计算起始地址。

char *get_next_line(int fd)
{
char    *buf;
char    c;
int     nread;


if (fd < 0 || BUFFER_SIZE < 1)
return (NULL);
buf = (char*)malloc(BUFFER_SIZE + 2);
if (!buf)
return (NULL);

char *startAddress = buf;
while(nread = (read(fd, &c, 1)) > 0)
{
*buf = c;
buf++;
if (c == 'n')
break;
}
if (nread < 0)  {
free(startAddress);
return (NULL);
}
*buf  = '';  
printf("%sn", buf);

return startAddress;
}

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium