LeetCode: Address Sanitizer Violations

I am working through some of the examples but am continually getting these Address Sanitizer heap-buffer-overflow errors. I can't for the life of me figure out where the potential overflow is here:

bool detectCapitalUse(char * word){
    
    int CapitalLet = 0;
    int WordLen = sizeof(word)/sizeof(char);
    bool result = 0;
    
    for (int i = 0; i < WordLen; i++)
    {
        if (word[i] >= 'A' && word[i] <= 'Z' )
        {
            CapitalLet++;
        }
    }
    
    if( CapitalLet == WordLen )
    {
        result = 1;
    }
    else if ((CapitalLet == 1) && (word[0] >= 'A' && word[0] <= 'Z'))
    {
        result = 1;
    }
    else if (CapitalLet == 0 )
    {
        result = 1;
    }
    else
    {
        result = 0;
    }    
    
    return result;
}

EDIT: Here's the complete error message.

=================================================================
==31==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000017 at pc 0x000000401850 bp 0x7ffcd5e90680 sp 0x7ffcd5e90670
READ of size 1 at 0x602000000017 thread T0
    #2 0x7f2bb38ea82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
0x602000000017 is located 0 bytes to the right of 7-byte region [0x602000000010,0x602000000017)
allocated by thread T0 here:
    #0 0x7f2bb4905f88 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10bf88)
    #4 0x7f2bb38ea82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
Shadow bytes around the buggy address:
  0x0c047fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c047fff8000: fa fa[07]fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==31==ABORTING

Because nothing in your code uses heap memory, there is nothing that would possibly cause heap overflow, but the problem that can be addressed is here:

int WordLen = sizeof(word)/sizeof(char);

In the argument

(char * word)

word decays into a pointer upon being passed as an argument, so

sizeof(word)

is really going to return sizeof a pointer (4 bytes for 32-bit addressing), not sizeof the array that you likely passed. And by the way, sizeof(char) is always 1 by definition.

Change the expression to:

int WordLen = strlen(word);

Changing this single line allowed your code to work as I believe it was intended. I tested it using the following calling method:

int main(void) 
{
    char word[] = {"this is A string"};
    bool res = detectCapitalUse(word);
    return 0;
}

One caveat:
If by chance you did use dynamically allocated memory in the calling function, or somewhere else that was not included in this post, and there was an attempt made to access that block of memory incorrectly, a heap-buffer-overflow could have been the result.
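
An added example (not part of the original question or answer) that ties the report to the bug: on the x86_64 target shown in the report, sizeof(word) is 8, so the loop reads word[0] through word[7], and index 7 of the 7-byte region starting at 0x602000000010 is the reported address 0x602000000017. The input "Google" and the names buggy_len, first_oob_index and detect_capital_use are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Loop bound the question's code computes: sizeof(word)/sizeof(char) is just
   sizeof(word), the size of the pointer (8 on x86_64), whatever it points to. */
static size_t buggy_len(const char *word) {
    return sizeof(word);
}

/* A loop over indices 0..loop_len-1 of an alloc_bytes-byte buffer: returns the
   first index read past the allocation, or -1 if every read is in bounds. */
static long first_oob_index(size_t alloc_bytes, size_t loop_len) {
    return loop_len > alloc_bytes ? (long)alloc_bytes : -1;
}

/* Corrected check: the bound comes from strlen(), so reads stop at the terminator. */
bool detect_capital_use(const char *word) {
    size_t len = strlen(word), capitals = 0;
    for (size_t i = 0; i < len; i++)
        if (word[i] >= 'A' && word[i] <= 'Z')
            capitals++;
    return capitals == len || capitals == 0 ||
           (capitals == 1 && word[0] >= 'A' && word[0] <= 'Z');
}

int main(void) {
    /* Constructed input: a 6-letter word plus terminator in a 7-byte heap
       buffer, the same size as the "7-byte region" in the report. */
    const char *src = "Google";
    size_t alloc = strlen(src) + 1;
    char *word = malloc(alloc);
    if (!word) return 1;
    memcpy(word, src, alloc);
    printf("allocation: %zu bytes, buggy loop bound: %zu\n", alloc, buggy_len(word));
    printf("first out-of-bounds index: %ld\n",
           first_oob_index(alloc, buggy_len(word)));
    printf("detect_capital_use(\"%s\") = %d\n", word, detect_capital_use(word));
    free(word);
    return 0;
}
```

With an 8-byte pointer, words of 8 or more characters keep the buggy loop in bounds, so AddressSanitizer stays silent while only the first 8 bytes are examined and the result can still be wrong.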
