stackoom
  简体   繁体   中英

How to avoid buffer overflow with C struct array of strings

 原文  2019-09-26 00:46:59       c/ arrays/ struct/ malloc/ buffer-overflow

Question

I'm running into buffer overflows when reading a file in C and copying character arrays. There are three potentially offending pieces of code and I can't figure out where I'm going wrong.

The first reads a file and populates it into a hashmap:

bool load_file(const char* in_file, hmap hashtable[]) {

    for(int x = 0; x < HASH_SIZE; x++) {
        hashtable[x] = NULL;
    }

    FILE *fptr = fopen(in_file, "r");

    char c[LENGTH] = "";
    c[0] = '\0';

    while (fgets(c, sizeof(c)-1, fptr) != NULL) {

        node *n = malloc(sizeof(node));
        hmap new_node = n;      
        new_node->next = NULL;
        strncpy(new_node->content, c, LENGTH-1);

        // do stuff to put it into the hashtable
    }

    fclose(fptr);
    return true;
}

The second checks whether given content is in the hashmap:

bool check_content(const char* content, hmap hashtable[]) {

    char c_content[LENGTH] = "";
    strncpy(c_content, content, LENGTH-1);

    // do stuff to check if it's in the hashmap

    return false;
}

and the third parses a given file and checks whether its content is in the hashmap:

int check_file(FILE* fp, hmap hashtable[], char * not_found[]) {

    int num_not_found = 0;
    char c[1000] = "";

    while (fgets(c, sizeof(c)-1, fp) != NULL) {

        char * pch;
        char curToken[LENGTH] = "";

        pch = strtok (c," ");
        strncpy(curToken, pch, LENGTH-1);
        curToken[LENGTH]=0;

        if(!check_content(curToken, hashtable)) {
            not_found[num_not_found] = malloc(LENGTH*sizeof(not_found[num_not_found]));
            strncpy(not_found[num_not_found], curToken, LENGTH-1);
            num_not_found++;
        }
    }
    fclose(fp);
    return num_not_found;
}

Finally, main calls these and frees mallocs:

int main (int argc, char *argv[])
{   
    hmap hashtable[HASH_SIZE];
    load_file(argv[2], hashtable);

    FILE *fptr = fopen(argv[1], "r");
    char * not_found[MAX_ENTRIES];
    int num_not_found = check_file(fptr, hashtable, not_found);

    for(int x=0; x<num_not_found; x++) {
        free(not_found[x]);
    }

    for(int y=0; hashtable[y] != NULL; y++) {
        free(hashtable[y]);
    }

  return 0;
}

My question is this: for each of the three code snippets, what have I done that causes buffer overflows? Many thanks in advance!

1 answers

solution1
 0  2019-09-26 22:57:42

I finally got rid of the buffer overflow problems mostly by following David's advice in the comments, plus figuring out that I had one more malloc than I needed. The fixes were:

  1. new_node->next needed a malloc
  2. The malloc for new_node->next should happen only if it's actually going to be used.
  3. not_found[num_not_found] = malloc(LENGTH*sizeof(not_found[num_not_found])); was wrong and should have been notfound[num_not_found] = malloc(sizeof(char) * (strlen(pch)+1)) (assuming pch wasn't null terminated). (Side note, for whatever reason, on my computer, malloc(sizeof(char) * strlen(pch)+1) is not the same as malloc(strlen(pch)+1) )
  4. The return of every malloc really does have to be validated.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to avoid buffer overflow in c Buffer array overflow in for loop in c How to avoid buffer overflow using scanf How to prevent Buffer overflow / array overflow? try to malloc a struct array, but get heap buffer overflow heap-buffer-overflow when assigning to static array in struct buffer overflow in C with function to alloc double array C - Copying Array of Strings into a Struct array of strings within a struct in C C: initializing struct with an array of strings
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM