我一直收到以下错误:
*** Error in `./vice': malloc(): memory corruption: 0x08e77530 ***
Aborted (core dumped)
相关代码为:
open_result *
open_file_1_svc(open_args *argp, struct svc_req *rqstp)
{
static open_result result;
int obtained_fd;
int just_read;
int total_read = 0;
int max_bytes_read = 1024;
char *ptr_file;
char *pathName = "MyFiles/"; // strlen = 8
int toReserve;
xdr_free((xdrproc_t)xdr_open_result, (char *)&result);
// Construct full name of the file (in "MyFiles")
toReserve = strlen(argp->fname) + strlen(pathName) + 1; // "�"
char *fullName = malloc(toReserve*sizeof(char));
fullName = strdup(pathName);
fullName = strcat(fullName, argp->fname);
// Call to open in POSIX
obtained_fd = open(fullName, argp->flags);
result.fd = obtained_fd;
/* If there was an error while reading, the error code will be sent, but not
the file (it might not even exist) */
if (obtained_fd < 0) {
result.characters = "";
result.number_characters = 0;
}
/* If the file opening was successful,
both the fd and the file will be sent */
else {
char *file_just_read = malloc(max_bytes_read * sizeof(char)); // This is the problem
ptr_file = file_just_read;
/* Reading the file byte by byte */
while((just_read = read(obtained_fd, ptr_file, max_bytes_read)) > 0) {
total_read += just_read;
file_just_read = realloc(file_just_read, (total_read+max_bytes_read) * sizeof(char));
ptr_file = file_just_read + total_read;
}
result.characters = file_just_read;
result.number_characters = total_read;
}
return &result;
}
让我解释一下代码的作用。这是一个名为"vice"的服务器,它通过RPC与其客户端通信。这个函数应该接收"open_args"并返回"open_result"。这些是在"vice.x"文件中定义的。该文件的相关部分是:
struct open_args {
string fname<>;
int flags;
};
struct open_result {
string characters<>;
int number_characters;
int fd;
};
open_file_1_svc应该尝试打开MyFiles目录中argp->fname中给定名称的文件。如果打开成功,open_file_1_svc将尝试以result.characters的形式复制文件的内容,并通过这种方式向客户端发送文件内容的副本。number_characters可以让我知道中间是否有空字节。
当我试图为即将读取的文件部分分配一些内存时,会出现错误。
我一直在读关于这类错误的文章,但我不明白这个特殊的案例出了什么问题。
malloc不会"引发"损坏;malloc检测它。
这个错误告诉您,在调用malloc之前(这次),有东西在堆元数据上乱涂乱画;您可能有缓冲区溢出。
这段代码中的两个malloc调用都在任何东西写入内存之前,因此溢出很可能发生在其他地方。(我还没有详细检查这个代码是否正确,但这是在这里的事实之后。)
编辑:我错过了strdup中隐含的malloc调用。这将导致溢出,因为重复的字符串具有较小的分配。我想你指的是strcpy,而不是strdup。