[英]How to set number of bytes with memcpy?
I read about the heartbleed exploit and that is was mistake with memcpy. 我读到了关于heartbleed漏洞利用的内容,这是memcpy的错误。
void * memcpy( void * dest, const void *src, size_t len );
A proper call to memcpy can look like this 对memcpy的正确调用可能如下所示
int a[4711] [4711];
int b[4711] [4711];
/* initialize a */
(void) memcpy( &b [0] [0], &a [0] [0], sizeof( a ) );
But why the third parameter, when would that be different from the size of the src? 但为什么第三个参数,什么时候会与src的大小不同? I've seen other examples where it's the dest size that is used, when should that be done?
我已经看过其他的例子,它们是使用的目标大小,什么时候应该这样做?
If you take a look a the the memcpy
Man page, the third argument is the number of bytes that is copied from src to dst. 如果你看一下
memcpy
Man页面,第三个参数是从src复制到dst的字节数。 So it doesn't matter if you use the size of src or size of dst. 因此,如果使用src的大小或dst的大小,则无关紧要。 But you must ensure that the source and destination buffer sizes are at least equal or greater than the number of bytes copied.
但是必须确保源缓冲区和目标缓冲区大小至少等于或大于复制的字节数。 Otherwise, buffer overflow will occur.
否则,将发生缓冲区溢出。
In this case, the src
and dest
arrays are the same size so it does not matter which one you do sizeof
on. 在这种情况下,
src
和dest
数组的大小相同,因此不会不管你做哪一个sizeof
上。
In general, if you use the dest
size, then you guarantee that your writing does not cause a buffer overflow, which is typically (but not always) a more serious problem than reading past the end of src
. 一般来说,如果你使用
dest
大小,那么你保证你的写入不会导致缓冲区溢出,这通常(但不总是)比读取超过src
结尾更严重的问题。
However, reading past the end of src
can also be serious, as the Heartbeat case shows. 然而,正如Heartbeat案例所示,阅读
src
结尾也可能是严重的。 To be robust, it's best to check both src
and dest
sizes and confirm that they are both what you expect them to be, before proceeding. 为了保持健壮,最好在继续之前检查
src
和dest
大小并确认它们都是您期望的大小。
The third parameter of memcpy(dst,src,len)
gives the number of bytes to copy. memcpy(dst,src,len)
的第三个参数memcpy(dst,src,len)
给出了要复制的字节数。
If that number of bytes is bigger than the memory pointed to by either parameter, you are hosed. 如果该字节数大于任一参数指向的内存,则会被清除。 That's a technical term describing things like the Heartbleed bug, as well as quite a few other bugs I've had the delightful experience :-( of fixing.
这是一个技术术语,描述了像Heartbleed的bug,以及其他一些我有过愉快体验的错误:-(修复。
If your software development mindset is oriented toward memory objects, the code pattern in your question is valid. 如果您的软件开发思维模式面向内存对象,则问题中的代码模式是有效的。 For example, if you develop around the idea that you use
memcpy()
to make exact copies of entire objects, I suppose you would never use any third parameter besides sizeof(src)
. 例如,如果你围绕着使用
memcpy()
来制作整个对象的精确副本的想法,我想你绝不会使用除sizeof(src)
之外的任何第三个参数。
But memcpy()
is useful for many other sorts of operations, such as management of partial buffers, gathering disjointed streams of data into consecutive memory locations, and similar things. 但
memcpy()
对许多其他类型的操作很有用,例如管理部分缓冲区,将不连续的数据流收集到连续的内存位置以及类似的事情。
It's also subject to misuse, and ordinarily has no checks against that. 它也会被滥用,通常没有检查。 For example, there are probably tens of thousands of code snippets in the wild, many of them in embedded systems, that look something like this.
例如,在野外可能存在数万个代码片段,其中许多代码片段在嵌入式系统中,看起来像这样。
char [10] out;
char [] in = "Yo ho ho and a bottle of rum!";
...
memcpy (out, in, 1+ strlen(in)); /*don't do this or you're hosed!*/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.