使用strcpy引发“检测到堆栈粉碎”错误

Question

I have two types of struct s, struct msg and struct pkt . My job is to construct a struct pkt using struct msg passed as an argument.

struct msg {
  char data[20];
  };

struct pkt {
   int seqnum;
   int acknum;
   int checksum;
   char payload[20];
    };

While

void A_output(struct msg message) { //fails
    ...
    struct pkt snd_pkt;
    strcpy(snd_pkt.payload, message.data);
    ...
}

fails,

void A_output(struct msg message) { //succeeds
    ...
    struct pkt snd_pkt;
    memcpy(&snd_pkt.payload, &message, sizeof(struct msg));
    ...
}

succeeds.

What I do not understand is, if I am copying char[20] to char[20], and used strcpy , shouldn't it be fine? Why is it throwing stack smashing error?

Why, in the working answer, is it copying memory of type struct msg to the memory of char[20] field in struct pkt , and why should the third argument be sizeof(struct msg) , not strlen(message.data) + 1?

Answer 1

strcpy(snd_pkt.payload, message.data);

shoud be fine only if your char array data is null terminated. Alternately, you may use:

size_t ss = sizeof(snd_pkt.payload);   
strncpy(snd_pkt.payload, message.data, ss-1);
snd_pkt.payload[ss-1] = '\0';

Answer 2

What I do not understand is, if I am copying char[20] to char[20], and used strcpy, shouldn't it be fine?

It will be fine if data member data of structure msg is zero terminated that is if it contains a string. It seems that ther reason of the error is that it does not contain a string. As for this statement

memcpy(&snd_pkt.payload, &message, sizeof(struct msg));

then in general case it has undefined behaviour because due to the structure alignment the sizeof the structure can be greater than 20 bytes for example when sizeof( int is equal to 8.

Answer 3

Using a simple for loop also does the job pretty well:

void A_output(struct msg message) {
...
struct pkt snd_pkt;
int i=0,
for(i=0;i<20;i++){
   snd_pkt.payload[i] = msg.data[i];
}
...