C编程堆缓冲区溢出
[英]C programming heap buffer overflow
问题描述
I just started coding and have a beginner question. 
我刚刚开始编码,并且有一个初学者的问题。 So I have a Binary tree. 所以我有一棵二叉树。 After I add the first node to it, I would like to search the tree see if there are any duplicated node with the same value. 将第一个节点添加到其中后,我想搜索树以查看是否存在具有相同值的重复节点。 But I keep getting error when I try to search the tree which has only one node: Here is my node: 但是,当我尝试搜索只有一个节点的树时,总是出现错误:这是我的节点:
struct node{
int data;
struct node* left;
struct node* right;};
Here's the function I used to create the first node 这是我用来创建第一个节点的函数
struct node* createnode(int num){
struct node *p=malloc(sizeof(struct node*));
p->data=num;
return p;
}
And I added It like this: 并且我像这样添加了它:
struct node *root;
root=createnode(b);
Here is the search function 这是搜索功能
char * search(int num, struct node *p, int dep){
dep=1;
char *result="n";
if(p==NULL){result="n";return result;}
struct node * root;
root=p;
while(root!=NULL){
if(num==root->data){
result= "y";break;
}
if(num>root->data && root->right!=NULL){
root=root->right;dep++;
}
if(num<root->data&&root->left!=NULL){
root=root->left;dep++;
}
if(num >root->data&&root->right==NULL){
result= "n";break;
}
if(num <root->data&&root->left==NULL){
result="n";break;
}
}
return result;
}
Here is the error I got 这是我得到的错误
==6841== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60040000e000 at pc 0x400eb5 bp 0x7fff3d5302c0 sp 0x7fff3d5302b0
READ of size 8 at 0x60040000e000 thread T0
#0 0x400eb4 (/.autofs/ilab/ilab_users/xy139/night+0x400eb4)
#1 0x402911 (/.autofs/ilab/ilab_users/xy139/night+0x402911)
#2 0x7f2196abdb14 (/usr/lib64/libc-2.17.so+0x21b14)
#3 0x400a78 (/.autofs/ilab/ilab_users/xy139/night+0x400a78)
0x60040000e000 is located 8 bytes to the right of 8-byte region [0x60040000dff0,0x60040000dff8)
allocated by thread T0 here:
#0 0x7f2196e74129 (/usr/lib64/libasan.so.0.0.0+0x16129)
#1 0x402071 (/.autofs/ilab/ilab_users/xy139/night+0x402071)
#2 0x402899 (/.autofs/ilab/ilab_users/xy139/night+0x402899)
#3 0x7f2196abdb14 (/usr/lib64/libc-2.17.so+0x21b14)
Shadow bytes around the buggy address:
0x0c00ffff9bb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c00ffff9bc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c00ffff9bd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c00ffff9be0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c00ffff9bf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 fa
=>0x0c00ffff9c00:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c00ffff9c10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c00ffff9c20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c00ffff9c30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c00ffff9c40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c00ffff9c50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap righ redzone: fb
Freed Heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
ASan internal: fe
==6841== ABORTING
I Thank everyone who are willing to help!!!! 我感谢愿意帮助的所有人!!!!
2 个解决方案
解决方案1
3 已采纳 2017-02-09 04:30:41
struct node *p = malloc(sizeof(struct node*));
You need to allocate enough memory for the struct itself, not a pointer to struct. 您需要为结构本身分配足够的内存,而不是为结构分配指针。
struct node *p = malloc(sizeof(struct node));
It is easier to remember to do this if you de-reference the target pointer and pass its size to malloc as an argument like so: 如果您取消引用目标指针并将其大小作为参数传递给malloc ,则记住这样做比较容易,例如:
struct node *p = malloc(sizeof(*p));
If you were to change the data type of p in a later revision of a program, then you would not be required to update respective arguments to malloc . 如果要在程序的更高版本中更改p的数据类型,则不需要将各自的参数更新为malloc 。
解决方案2
0 2017-02-09 15:07:25
One of the typical errors is allocating the memory not for the size of the structure, but for the pointer to it. 典型的错误之一是不为结构的大小而是为指向它的指针分配内存。 Synchronizer showed the solution of the problem in his answer: 同步器在他的答案中显示了问题的解决方案 :
struct node *p = malloc(sizeof(struct node));
I should also add, that malloc can return a potentially null pointer ( link ), that's why after allocating the memory it should be checked against null before dereference: 我还应该补充一点,malloc可以返回可能为空的指针( link ),这就是为什么在分配内存之后应在取消引用之前对它进行检查是否为null:
struct node* createnode(int num)
{
struct node *p = malloc(sizeof(struct node));
if (p != NULL) // <=
{
p->data = num;
}
return p;
}
It's such a pity that it took so much time to find the error. 很可惜,花了很多时间才发现错误。 Perhaps, using static analyzers could help to find bugs earlier. 也许,使用静态分析器可能有助于更早发现错误。 Here you can see how a similar mistake can be made in big projects. 在这里,您可以看到在大型项目中如何犯类似的错误。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.