[英]How to avoid buffer overflow with C struct array of strings
I'm running into buffer overflows when reading a file in C and copying character arrays.我在读取 C 中的文件并复制字符 arrays 时遇到缓冲区溢出。 There are three potentially offending pieces of code and I can't figure out where I'm going wrong.
有三段可能有问题的代码,我不知道哪里出错了。
The first reads a file and populates it into a hashmap:第一个读取文件并将其填充到 hashmap 中:
bool load_file(const char* in_file, hmap hashtable[]) {
for(int x = 0; x < HASH_SIZE; x++) {
hashtable[x] = NULL;
}
FILE *fptr = fopen(in_file, "r");
char c[LENGTH] = "";
c[0] = '\0';
while (fgets(c, sizeof(c)-1, fptr) != NULL) {
node *n = malloc(sizeof(node));
hmap new_node = n;
new_node->next = NULL;
strncpy(new_node->content, c, LENGTH-1);
// do stuff to put it into the hashtable
}
fclose(fptr);
return true;
}
The second checks whether given content is in the hashmap:第二个检查给定内容是否在 hashmap 中:
bool check_content(const char* content, hmap hashtable[]) {
char c_content[LENGTH] = "";
strncpy(c_content, content, LENGTH-1);
// do stuff to check if it's in the hashmap
return false;
}
and the third parses a given file and checks whether its content is in the hashmap:第三个解析给定文件并检查其内容是否在 hashmap 中:
int check_file(FILE* fp, hmap hashtable[], char * not_found[]) {
int num_not_found = 0;
char c[1000] = "";
while (fgets(c, sizeof(c)-1, fp) != NULL) {
char * pch;
char curToken[LENGTH] = "";
pch = strtok (c," ");
strncpy(curToken, pch, LENGTH-1);
curToken[LENGTH]=0;
if(!check_content(curToken, hashtable)) {
not_found[num_not_found] = malloc(LENGTH*sizeof(not_found[num_not_found]));
strncpy(not_found[num_not_found], curToken, LENGTH-1);
num_not_found++;
}
}
fclose(fp);
return num_not_found;
}
Finally, main calls these and frees mallocs:最后, main 调用这些并释放 malloc:
int main (int argc, char *argv[])
{
hmap hashtable[HASH_SIZE];
load_file(argv[2], hashtable);
FILE *fptr = fopen(argv[1], "r");
char * not_found[MAX_ENTRIES];
int num_not_found = check_file(fptr, hashtable, not_found);
for(int x=0; x<num_not_found; x++) {
free(not_found[x]);
}
for(int y=0; hashtable[y] != NULL; y++) {
free(hashtable[y]);
}
return 0;
}
My question is this: for each of the three code snippets, what have I done that causes buffer overflows?我的问题是:对于这三个代码片段中的每一个,我做了什么导致缓冲区溢出? Many thanks in advance!
提前谢谢了!
I finally got rid of the buffer overflow problems mostly by following David's advice in the comments, plus figuring out that I had one more malloc than I needed.我终于摆脱了缓冲区溢出问题,主要是通过在评论中遵循 David 的建议,并发现我的 malloc 比我需要的多一个。 The fixes were:
修复是:
new_node->next
needed a malloc new_node->next
需要一个 mallocnew_node->next
should happen only if it's actually going to be used. new_node->next
的 malloc 只有在实际使用时才会发生。not_found[num_not_found] = malloc(LENGTH*sizeof(not_found[num_not_found]));
was wrong and should have been notfound[num_not_found] = malloc(sizeof(char) * (strlen(pch)+1))
(assuming pch wasn't null terminated).notfound[num_not_found] = malloc(sizeof(char) * (strlen(pch)+1))
(假设 pch 不是 null 终止)。 (Side note, for whatever reason, on my computer, malloc(sizeof(char) * strlen(pch)+1)
is not the same as malloc(strlen(pch)+1)
) malloc(sizeof(char) * strlen(pch)+1)
与malloc(strlen(pch)+1)
不同)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.