Visual Studio - 缓冲区溢出

Question

Having this code:有这个代码：

#include <iostream>
#include <math.h>
#include <algorithm>


double abs_length(int * ar)
{
    return (
        sqrt(pow(double(ar[0]), 2) + pow(double(ar[1]), 2))
        );
}

int ** correction(int size, int(*ar)[2], int refX, int refY)
{
    int **ar2 = new int*[2];
    for (int i = 0; i < size; i++)
    {
        int x = abs(ar[i][0] - refX);
        int y = abs(ar[i][1] - refY);
        int vector[2] = { x,y };
        ar2[i] = vector;
    }
    return ar2;
}

double median(int size, int(*ar)[2], int refX, int refY)
{
    int **coordinates = correction(size, ar, refX, refY);
    double* lengths = new double(size);

    for (int i = 0; i < size; i++)
    {
        lengths[i] = abs_length(coordinates[i]);
    }
    sort(lengths, lengths + size);

    return  size % 2 == 0 ? (lengths[(size / 2) - 1] + lengths[size]) / 2 :
        lengths[(size / 2) - 1];
}

And for而对于

lengths[i] = abs_length(coordinates[i]);

I am getting warning (which ends up with fatal error):我收到警告（最终出现致命错误）：

Buffer overrun while writing to 'lengths': the writable size is '1*8' bytes, but '16' bytes might be writen.

I do not understand it.我不明白。 Why could be 16 bytes written, when double is sizeof 8?当double的 sizeof 8 时，为什么可以写入 16 个字节？ 16 is address, but abs_length is returning double, no pointer. 16 是地址，但abs_length返回双abs_length值，没有指针。 So where is bug?那么bug在哪里呢？

Answer 1

There's an error here这里有一个错误

int ** correction(int size, int(*ar)[2], int refX, int refY)
{
    int **ar2 = new int*[2];
    for (int i = 0; i < size; i++)
    {
        int x = abs(ar[i][0] - refX);
        int y = abs(ar[i][1] - refY);
        int vector[2] = { x,y };
        ar2[i] = vector;
    }
    return ar2;
}

The lines线条

        int vector[2] = { x,y };
        ar2[i] = vector;

create a local array and stores a pointer to that array.创建一个本地数组并存储一个指向该数组的指针。 The array is destroyed when you exit the body of the for loop, so you are storing a pointer to an object which has been destroyed.当您退出 for 循环体时，数组将被销毁，因此您正在存储一个指向已被销毁的对象的指针。

This code would work这段代码会起作用

        int* vector = new int[2];
        vector[0] = x;
        vector[1] = y;
        ar2[i] = vector;

There may be other errors, far too many pointers in your code.可能还有其他错误，代码中的指针太多。

Answer 2

You made a typo:你打错了：

new double(size)

allocates space for a single double with value size .为值为size的单个双精度分配空间。

You probably meant:你可能的意思是：

new double[size]

which allocates space for an array of size doubles.它为size翻倍的数组分配空间。

Visual Studio - 缓冲区溢出

问题描述

2 个解决方案

解决方案1
1 已采纳 2020-11-04 08:48:31

解决方案2
0 2020-11-04 08:43:43

Visual Studio - 缓冲区溢出

问题描述

2 个解决方案

解决方案1 1 已采纳 2020-11-04 08:48:31

解决方案2 0 2020-11-04 08:43:43

解决方案1
1 已采纳 2020-11-04 08:48:31

解决方案2
0 2020-11-04 08:43:43