memcpy中如何处理内存溢出?
int main ()
{
char *destination;
char source[10] = "jigarpatel";
destination = (char*) malloc(5);
memcpy(destination, source, 10);
printf("%s and size is %d", destination, strlen(destination));
free(destination);
return 0;
}
输出:
jigarpatel and size is 10
问:
这里我只分配了 5 个字节给目标,但目标长度是 10,这是为什么?
其他字节存储在哪里?
嵌入式系统安全吗?是否有可能发生崩溃或分段错误?
我怎样才能检测到这种类型的错误?
另一个问题:
看到我正在编写一个库,其中用户请求所需的内存,库说分配 10 个字节和 10 个字节。然后用户 malloc 10 字节 &将其指针传递给库。现在库在那里存储一些数据...现在看看库是否说分配 10 个字节但用户只分配了 5 个字节&将该指针提供给库,那么我如何检测用户没有 malloc 足够的内存。
int main ()
{
char *destination;
char source[10] = "jigarpatel";
destination = (char*) malloc(5);
memcpy(destination, source, 10);
printf("%s and size is %d", destination, strlen(destination));
free(destination);
return 0;
}
Output:
jigarpatel and size is 10
Question:
Here I have allocated just 5 bytes to destination, but the destination length is 10, why is this?
Where are the other bytes stored?
Is it safe in embedded system? Any chances of a crash or a segmentation fault?
How can I detect this type of mistake?
Another Question :
see i am writing one library where user asks for needed memory and library says allocate 10 bytes & then user malloc 10 bytes & pass its pointer to library. now library store some data there...now see if library said to allocate 10 bytes but user has allocated only 5 bytes & give that pointer to library then how can i detect that user hasnt malloc suffecient memory.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
这里我刚刚为目标分配了 5 个字节,那么为什么目标长度还是 10?
strlen()考虑\0< /code> 作为字符串的结尾,因此它会继续计数,直到遇到\0。这并不意味着destination分配了那么多内存。您的写入超出了分配的内存范围,幸运的是它不会崩溃,但这样做肯定是未定义的行为。未定义的行为意味着任何事情都可能发生该行为无法解释,幸运的是您的程序没有崩溃。
其他字节存储在哪里?
其他字节会覆盖分配给
destination的 5 个字节之外的其他内存分配。嵌入式系统安全吗?有可能发生崩溃或分段错误吗?
它不安全。它会导致未定义的行为,如果幸运的话它会起作用。
如何检测此类错误?
每个平台都有特定的内存分析工具,例如Linux/Unix的Valgrind,您可以使用它们,它们会指出此类内存覆盖。
Here i have just allocated only 5 bytes to destination then still why destination length is 10?
The
strlen()considers\0as the end of the string, So it continues counting until it enounters a\0. This does not meandestinationhas that much memory allocated.You are writing beyond the bounds of the allocated memory and luckily it does not crash, but sure is an Undefined Behavior to do so. An Undefined Behavior means anything can happen & the behavior cannot be explained, luckily Your program does not crash.
where other bytes are stored?
The other bytes overwrite some other memory allocation beyond the 5 bytes allocated to
destination.Is it safe in embedded system? any chances to crash or segmention fault?
It is NOT safe. It causes an Undefined Behavior and If you are lucky that it works.
how can i detect this type of mistakes?
Each platform has certain Memory profiling tools like Valgrind for Linux/Unix, You can use them and they will point out such memory overrites.
有时这确实有效,但在任何系统上绝对不安全。您所写的内容超出了
malloc为您提供的内容。从 C 的角度来看,这是非法的,但从操作系统的角度来看,这可能是可以的(内存可能会以足够的权限进行分页)。另一个问题是,如果您稍后再次调用
malloc,它可能会为您提供一些内存,包括您在不询问的情况下使用的 5 个字节。这应该提供一些有趣的调试会话。目标仅分配了
5字节,但由于 malloc 在您的系统上的工作方式,这不会导致无效写入,因为它恰好位于有效页面内。就目前而言,在前 5 个之后。
在任何系统中都是不安全的。很多崩溃的机会。
使用 valgrind 或任何内存调试器。可以在此处找到对 valgrind 的简要介绍。
1
例如,在 Linux (Glibc) 上,小型(约 64 字节)
malloc请求由称为“fastbins”的预分配页面小列表提供服务。每个 fastbin 都有固定的大小,因此使用分配的 fastbin 达到该大小不会触发分段冲突。有关此情况如何发生的更多详细信息,请参阅此处对您可能参考的主题进行更严格的处理malloc 源代码。This sometimes happens to work but it's definitely not safe on any system. You are writing past the end of what
mallocis giving you. From the viewpoint of C it's illegal, but from the viewpoint of the OS it might be ok (that memory might be paged with adequate permissions).Another problem is that if you later call
mallocagain, it might give you some memory including those 5 bytes that you are using without asking. This should provide some interesting debugging sessions.The destination has only
5bytes allocated, but because of the way malloc works on your system, this doesn't cause an invalid write, since it happens to be inside a valid page.Right after the first 5, for now.
It's unsafe in any system. Many chances of crashes.
Using valgrind or any memory debugger. A gentle introduction to valgrind can be found here.
¹
For example, on Linux (Glibc), small (~64 bytes)
mallocrequests are served from a small list of preallocated pages called "fastbins". Each fastbin has a fixed size, and hence using an allocated fastbin up to that size would not trigger a segmentation violation. More details on how this happens can be found here, for a more rigorous treatment of the topic you might refer to the malloc source code.不,这不安全 - 超出分配块末尾的写入通常会导致堆损坏。
使用 valgrind 等工具来捕获此错误和其他类型的错误。
No it's not safe - writing beyond the end of an allocated block will typically cause heap corruption.
Use tools such as valgrind to catch this and other kinds of error.
你很幸运它没有崩溃。 memcpy的第三个参数应该是4,然后你应该在5位置放置空字符来终止字符串。
You are luck that it has not crashed. The third parameter of memcpy should be 4 and then you should put the null character in the 5 position to terminate the string.