[英]Why is address-sanitizer causing a heap-buffer-overflow error in my multiplication matrix?
[英]Why does these 3 lines of code return address-sanitizer error?
int* mostVisited(int n, int* rounds, int roundsSize, int* returnSize){
returnSize=malloc(sizeof(int)*100);
printf("%d", roundsSize);
return returnSize;
}
在這里你可以試試代碼: https : //leetcode.com/contest/weekly-contest-203/problems/most-visited-sector-in-a-circular-track/
編輯:如果我評論print
行,錯誤就會消失。
這是來自 Leetcode 的挑戰,我知道我以某種方式訪問了未分配的內存塊,我訪問了分配的內存堆棧中的某些內容。
我能想出的唯一解釋是 Leetcode 的網站以某種方式不允許我在int
函數中打印。
錯誤:
=================================================================
==32==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6140000001d0 at pc 0x000000404edd bp 0x7ffd3d94c7e0 sp 0x7ffd3d94c7d0
READ of size 4 at 0x6140000001d0 thread T0
#2 0x7f337c09f82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
0x6140000001d0 is located 0 bytes to the right of 400-byte region [0x614000000040,0x6140000001d0)
allocated by thread T0 here:
#0 0x7f337d0baf88 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10bf88)
#3 0x7f337c09f82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
Shadow bytes around the buggy address:
0x0c287fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c287fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c287fff8000: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c287fff8010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c287fff8020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c287fff8030: 00 00 00 00 00 00 00 00 00 00[fa]fa fa fa fa fa
0x0c287fff8040: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c287fff8050: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c287fff8060: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c287fff8070: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c287fff8080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==32==ABORTING
您的代碼有問題,但不是您認為的問題。 printf
不能有錯誤:您傳遞了roundsSize
的值, roundsSize
打印它,句點。
你傳遞了returnSize
,它是一個指針。 然后分配給本地版本的returnSize
,它不會返回給調用者(為此,您需要**returnSize
)。 但是無論如何你都會返回新值......你實際上想要做什么?
returnSize
可能已經指向調用函數可讀的良好內存位置。 它的目的是作為另一個返回值,以便您可以通知調用函數您要返回的數組的大小。 相反,您正在重新分配(本地版本)它以指向您也返回的數組。
調用函數永遠不會看到returnSize
這種更改,因為您對它所做的唯一更改已本地化到該函數,並且沒有修改存儲在原始內存地址的數據。 這個地址的數據可能是垃圾,因為它期望你的函數賦予它它的價值。 如果此垃圾值恰好大於數組的大小,則調用函數可能會嘗試讀取您分配的數組末尾。
所以你應該這樣做的方式可能是這樣的:
int* mostVisited(int n, int* rounds, int roundsSize, int* returnSize){
{
*returnSize = 100; // or however it is that the size of the array should be determined
int *ret = malloc(sizeof(*ret) * *returnSize);
return ret;
}
當然,該函數應該做什么的其余邏輯仍然由您來完成。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.