测试输入的缓冲区溢出
[英]Testing buffer overrun of input
问题描述
For example, if i input characters greater than 10 why doesn't it throw an exception or error? 
例如,如果我输入的字符大于10,为什么不抛出异常或错误? would you get the input with getline instead? 您会用getline获得输入吗?
int main()
{
char c[10];
while (cin >> c)
{
cout << c << endl;
}
}
2 个解决方案
解决方案1
6 2011-02-04 06:38:34
Why doesn't it throw an exception or error?
A buffer overflow is an example of undefined behavior . 缓冲区溢出是未定义行为的一个示例。 The behavior is literally undefined: if you overflow a buffer, there are no guarantees whatosever about what your program will do. 该行为实际上是未定义的:如果您溢出缓冲区,则无法保证程序将执行的操作。 This doesn't generate an exception because doing so would require lots of relatively costly checks even in correct code, and in C++ the general philosophy is that you don't pay for what you don't need. 这不会产生异常,因为这样做将需要大量相对昂贵的检查,即使使用正确的代码也是如此,并且在C ++中,总的哲学是您不必为不需要的东西付钱。
If you avoid raw arrays and raw (non-smart) pointers and use the C++ Standard Library containers, strings, and algorithms, you can easily avoid most situations that would result in a buffer overflow. 如果避免使用原始数组和原始(非智能)指针,并使用C ++标准库容器,字符串和算法,则可以轻松避免大多数情况导致缓冲区溢出。
Would you get the input with
getlineinstead?getline来获取输入吗?
You can either use std::getline , which allows you to extract a "line" of characters into a std::string , or you can use >> and extract into a std::string object directly, depending on what, exactly, you want to extract. 您可以使用std::getline ,它允许您将字符的“一行”提取到std::string ,也可以使用>>并直接将其提取到std::string对象中,具体取决于什么,您要提取。
解决方案2
0 2011-02-04 08:20:27
there are tools which attempt to expose these issues. 有些工具试图揭示这些问题。 valgrind and GuardMalloc are examples of this. valgrind和GuardMalloc就是这样的例子。 as well, msc allows you to specify build options which can expose such issues. 同样,msc允许您指定可能暴露此类问题的生成选项。
note also that different compilers emit different instructions based on your program, and different instructions when optimizing or not. 还要注意,不同的编译器会根据您的程序发出不同的指令,而在优化与否时会发出不同的指令。 this means the consequences may exist in some builds, and may not exist in others. 这意味着后果可能存在于某些版本中,而可能不存在于其他版本中。
i occasionally test my programs using the tools/techniques i've mentioned. 我偶尔会使用我提到的工具/技术来测试我的程序。 i also use more dynamic allocations in unit tests, in order to expose failure cases more easily when running programs with these tools. 我还在单元测试中使用了更多的动态分配,以便在使用这些工具运行程序时更轻松地发现失败的情况。
if you're coming from java or another language which integrates smarter arrays: that's not how c programs are interpreted by the compiler, nor is it how they are represented in memory. 如果您来自Java或集成了更智能数组的另一种语言,那不是编译器解释c程序的方式,也不是它们在内存中的表示方式。 instead, we typically use proper containers in c++. 相反,我们通常在c ++中使用适当的容器。 these will detect many of these issues. 这些将检测许多这些问题。 for example, a std::vector may throw if you attempt to access an invalid element. 例如,如果您尝试访问无效的元素,则可能会抛出std::vector 。
good luck 祝好运
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.