运行时检查失败＃2-变量'name'周围的堆栈已损坏

Question

I've got an interface function in my application:

void addShopToList(Tshp **shpHead){
    char* name;
    Tshp *newshp = NULL;
    system("cls");
    printf("Name: ");
    scanf("%s[^\n]", &name);
    fflush(stdin);
    newshp = addShp(shpHead,name,NULL);
    if(prompt("Do you want to add some products?")){
        addProductMenu(&newshp);
    }
}

and I get:

Run-Time Check Failure #2 - Stack around the variable 'name' was corrupted.

When I trigger those functions separately (I mean like addShp() -> it's just adding a new shop to the list), it works properly. I have no idea how to fix it :/.

Answer 1

name is uninitialized, so then when you try to take the address of the uninitialized pointer:

scanf("%s[^\n]", &name);

it pukes on you. So two points:

1) char *name = malloc(100); // now it's initialized to something, don't forget to free it later char *name = malloc(100); // now it's initialized to something, don't forget to free it later

2) scanf("%s[^\\n]", name); // shouldn't use the & for a string in scanf scanf("%s[^\\n]", name); // shouldn't use the & for a string in scanf

and a third bonus point:

3) fflush(stdin); don't do that. Flushing stdin is undefined behavior according to the C11 standard §7.21.5.2 part 2:

Ifstream points to an output stream ... the fflush function causes any unwritten data for that stream ... to be written to the file; otherwise, the behavior is undefined.

On some systems, Linux being one as you can see in the man page for fflush() , there's a defined behavior but it's system dependent so your code may not be portable.

Answer 2

You have two problems:

The first is that you are passing the address of the pointer to the string to scanf - not the address of the string. The scanf call doesn't know that, so it starts reading data in to the address you passed it, overwriting the memory location where name is stored, and the memory after it ( newshp ) and so on... by the time the scanf is done, who knows what's left? You can fix that easily by removing the & before name in the scanf call.

But then you stumble onto the other, important, issue: currently name is a pointer that points to who-knows-where - it's uninitialized. Wherever it points, it's not your memory. The fixed call to scanf will overwrite that memory - which you don't own. And then what happens?

The solution to that is to initialize name to point to memory that you allocate. You can do that using something like malloc to allocate a chunk of memory, or, alternatively, you can allocate the space on the stack thusly:

// allocate space for 99 characters (plus 1 space for the null-terminator
// and initialize the memory to all null characters.
char name[100] = { 0 }; 

Sidenote : you should really try to understand the subtle difference between what happens when you pass &name instead of name to scanf . It will be a very important pedagogical exercise and help you gain a much better understanding of pointers and how your code is translated into something the machine understands.

Finally, you shouldn't call fflush(stdin) as that results in undefined behavior. And that's a bad thing. What do you believe that function call would achieve anyways?