Struct initialization leads to seg fault
The following code causes a segmentation fault. The executable is named "./struct".
```c
#include <stdio.h>

#define VERSION_NUMBER_LEN 32
#define MAX_DESCRIPTION_COUNT 32
#define DESCRIPTION_LEN 128

int main(void)
{
    struct foo {
        char number[VERSION_NUMBER_LEN + 1];
        char description[MAX_DESCRIPTION_COUNT][DESCRIPTION_LEN];
    };

    struct foo asdf = {
        "1.1", { "clap", "clap", "stomp", NULL }
    };

    struct foo hjkl = {
        "1.2", { "clop", "clop", "stamp", NULL }
    };

    int i;

    printf( "%s\n", asdf.number );
    for( i = 0; (asdf.description)[i] != NULL; i++ ){
        printf( "\t%s\n", (asdf.description)[i]);
    }
    printf("\n");

    printf( "%s\n", hjkl.number );
    for( i = 0; (hjkl.description)[i] != NULL; i++ ){
        printf( "\t%s\n", (hjkl.description)[i]);
    }
}
```
The output looks like this:
```text
1.1
	clap
	clap
	stomp
	��
	N���~�����������ջ�����e���t�����������A���P���b���������������̽��㽊����,���V���g���y���������������̾�� ���k�����������Ͽ��迊�
	迊�
	ome/tiger
	56
	y
	vZxy/ssh
	ptop:/tmp/.ICE-unix/2710
	usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:~/bin:~/vitetris-0.3.6:/var/lib/gems/1.8/bin/
	baz
	GNOME_KEYRING_PID=2692
	t \w\n\$
	XDG_DATA_DIRS=/usr/share/gnome:/usr/local/share/:/usr/share/
	9a6bf0ef61ded7872065094fca55d1
	se
Segmentation fault
```
I ran valgrind:
```text
$ valgrind -v --leak-check=full --track-origins=yes ./struct
<snip>
==15228== Conditional jump or move depends on uninitialised value(s)
==15228==    at 0x402605B: __GI_strlen (mc_replace_strmem.c:284)
==15228==    by 0x408A79E: vfprintf (vfprintf.c:1617)
==15228==    by 0x40912BF: printf (printf.c:35)
==15228==    by 0x8048910: main (in /home/tiger/dev/development/c/play/struct)
==15228==  Uninitialised value was created by a stack allocation
==15228==    at 0x4060B01: (below main) (libc-start.c:96)
==15228==
==15228== Conditional jump or move depends on uninitialised value(s)
==15228==    at 0x4026067: __GI_strlen (mc_replace_strmem.c:284)
==15228==    by 0x408A79E: vfprintf (vfprintf.c:1617)
==15228==    by 0x40912BF: printf (printf.c:35)
==15228==    by 0x8048910: main (in /home/tiger/dev/development/c/play/struct)
==15228==  Uninitialised value was created by a stack allocation
==15228==    at 0x4060B01: (below main) (libc-start.c:96)
==15228==
==15228== Invalid read of size 1
==15228==    at 0x4026058: __GI_strlen (mc_replace_strmem.c:284)
==15228==    by 0x408A79E: vfprintf (vfprintf.c:1617)
==15228==    by 0x40912BF: printf (printf.c:35)
==15228==    by 0x8048910: main (in /home/tiger/dev/development/c/play/struct)
==15228==  Address 0xbec1007c is not stack'd, malloc'd or (recently) free'd
==15228==
==15228==
==15228== Process terminating with default action of signal 11 (SIGSEGV)
==15228==  Access not within mapped region at address 0xBEC1007C
==15228==    at 0x4026058: __GI_strlen (mc_replace_strmem.c:284)
==15228==    by 0x408A79E: vfprintf (vfprintf.c:1617)
==15228==    by 0x40912BF: printf (printf.c:35)
==15228==    by 0x8048910: main (in /home/tiger/dev/development/c/play/struct)
==15228==  If you believe this happened as a result of a stack
==15228==  overflow in your program's main thread (unlikely but
==15228==  possible), you can try to increase the size of the
==15228==  main thread stack using the --main-stacksize= flag.
==15228==  The main thread stack size used in this run was 8388608.
==15228== Syscall param write(buf) points to uninitialised byte(s)
==15228==    at 0x4107DC3: __write_nocancel (syscall-template.S:82)
==15228==    by 0x40B0A1E: new_do_write (fileops.c:530)
==15228==    by 0x40B0D35: _IO_do_write@@GLIBC_2.1 (fileops.c:503)
==15228==    by 0x40B181C: _IO_file_overflow@@GLIBC_2.1 (fileops.c:881)
==15228==    by 0x40B2DED: _IO_flush_all_lockp (genops.c:849)
==15228==    by 0x40B3A4F: _IO_cleanup (genops.c:1010)
==15228==    by 0x41670F0: ??? (in /lib/tls/i686/cmov/libc-2.11.1.so)
==15228==    by 0x401F4F3: _vgnU_freeres (vg_preloaded.c:62)
==15228==    by 0xBEC0D5F7: ???
==15228==    by 0x408A79E: vfprintf (vfprintf.c:1617)
==15228==    by 0x40912BF: printf (printf.c:35)
==15228==    by 0x8048910: main (in /home/tiger/dev/development/c/play/struct)
==15228==  Address 0x402a054 is not stack'd, malloc'd or (recently) free'd
==15228==  Uninitialised value was created by a stack allocation
==15228==    at 0x4060B01: (below main) (libc-start.c:96)
<snip>
==15228== HEAP SUMMARY:
==15228==     in use at exit: 0 bytes in 0 blocks
==15228==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==15228==
==15228== All heap blocks were freed -- no leaks are possible
==15228==
==15228== ERROR SUMMARY: 7 errors from 4 contexts (suppressed: 12 from 7)
==15228==
==15228== 1 errors in context 1 of 4:
==15228== Syscall param write(buf) points to uninitialised byte(s)
==15228==    at 0x4107DC3: __write_nocancel (syscall-template.S:82)
==15228==    by 0x40B0A1E: new_do_write (fileops.c:530)
==15228==    by 0x40B0D35: _IO_do_write@@GLIBC_2.1 (fileops.c:503)
==15228==    by 0x40B181C: _IO_file_overflow@@GLIBC_2.1 (fileops.c:881)
==15228==    by 0x40B2DED: _IO_flush_all_lockp (genops.c:849)
==15228==    by 0x40B3A4F: _IO_cleanup (genops.c:1010)
==15228==    by 0x41670F0: ??? (in /lib/tls/i686/cmov/libc-2.11.1.so)
==15228==    by 0x401F4F3: _vgnU_freeres (vg_preloaded.c:62)
==15228==    by 0xBEC0D5F7: ???
==15228==    by 0x408A79E: vfprintf (vfprintf.c:1617)
==15228==    by 0x40912BF: printf (printf.c:35)
==15228==    by 0x8048910: main (in /home/tiger/dev/development/c/play/struct)
==15228==  Address 0x402a054 is not stack'd, malloc'd or (recently) free'd
==15228==  Uninitialised value was created by a stack allocation
==15228==    at 0x4060B01: (below main) (libc-start.c:96)
==15228==
==15228==
==15228== 1 errors in context 2 of 4:
==15228== Invalid read of size 1
==15228==    at 0x4026058: __GI_strlen (mc_replace_strmem.c:284)
==15228==    by 0x408A79E: vfprintf (vfprintf.c:1617)
==15228==    by 0x40912BF: printf (printf.c:35)
==15228==    by 0x8048910: main (in /home/tiger/dev/development/c/play/struct)
==15228==  Address 0xbec1007c is not stack'd, malloc'd or (recently) free'd
==15228==
==15228==
==15228== 1 errors in context 3 of 4:
==15228== Conditional jump or move depends on uninitialised value(s)
==15228==    at 0x402605B: __GI_strlen (mc_replace_strmem.c:284)
==15228==    by 0x408A79E: vfprintf (vfprintf.c:1617)
==15228==    by 0x40912BF: printf (printf.c:35)
==15228==    by 0x8048910: main (in /home/tiger/dev/development/c/play/struct)
==15228==  Uninitialised value was created by a stack allocation
==15228==    at 0x4060B01: (below main) (libc-start.c:96)
==15228==
==15228==
==15228== 4 errors in context 4 of 4:
==15228== Conditional jump or move depends on uninitialised value(s)
==15228==    at 0x4026067: __GI_strlen (mc_replace_strmem.c:284)
==15228==    by 0x408A79E: vfprintf (vfprintf.c:1617)
==15228==    by 0x40912BF: printf (printf.c:35)
==15228==    by 0x8048910: main (in /home/tiger/dev/development/c/play/struct)
==15228==  Uninitialised value was created by a stack allocation
==15228==    at 0x4060B01: (below main) (libc-start.c:96)
==15228==
--15228--
--15228-- used_suppression:     12 dl-hack3-cond-1
==15228==
==15228== ERROR SUMMARY: 7 errors from 4 contexts (suppressed: 12 from 7)
```
OK... so I have several memory locations that valgrind reports as uninitialised, but I don't see how... the struct and the strings inside it are statically defined, and each instance of the struct is explicitly declared.
I think the segmentation fault happens when accessing an element of the second struct (hjkl).
Running gdb......
```text
(gdb) p asdf
$1 = {number = "1.1", '\000' <repeats 29 times>, description = {"clap", '\000' <repeats 123 times>, "clap", '\000' <repeats 123 times>,
    "stomp", '\000' <repeats 122 times>, '\000' <repeats 127 times> <repeats 29 times>}}
(gdb) p hjkl
$2 = {number = "1.2", '\000' <repeats 29 times>, description = {"clop", '\000' <repeats 123 times>, "clop", '\000' <repeats 123 times>,
    "stamp", '\000' <repeats 122 times>, '\000' <repeats 127 times> <repeats 29 times>}}
```
I just don't see what is causing the segmentation fault......
Your test `(asdf.description)[i] != NULL` is broken and will never come true. Here is the fix:
```c
#include <stdio.h>

#define VERSION_NUMBER_LEN 32
#define MAX_DESCRIPTION_COUNT 32
#define DESCRIPTION_LEN 128

int main(void)
{
    struct foo {
        char number[VERSION_NUMBER_LEN + 1];
        char description[MAX_DESCRIPTION_COUNT][DESCRIPTION_LEN];
    };

    struct foo asdf = {
        "1.1", { "clap", "clap", "stomp", "" }
    };

    struct foo hjkl = {
        "1.2", { "clop", "clop", "stamp", "" }
    };

    int i;

    printf( "%s\n", asdf.number );
    for( i = 0; (asdf.description)[i][0] != 0; i++ ){
        printf( "\t%s\n", (asdf.description)[i]);
    }
    printf("\n");

    printf( "%s\n", hjkl.number );
    for( i = 0; (hjkl.description)[i][0] != 0; i++ ){
        printf( "\t%s\n", (hjkl.description)[i]);
    }
}
```
The problem is not with your initialization strings themselves, but with the confusion between char arrays and char pointers.
In particular, this does not do what you think it does:
```c
struct foo asdf = {
    "1.1", { "clap", "clap", "stomp", NULL }
};
```
You are initializing `foo::description[][]` with the strings clap, clap and stomp OK, but you are assigning the first character of the second string to `NULL`. This would work if you were assigning pointers, but you are trying to convert `NULL` into a character array, rather than setting a pointer to char to `NULL`, if that makes sense.
You are checking whether the pointer is `NULL`, which it never will be, because the array is pre-declared.
So simply change
```c
for( i = 0; (hjkl.description)[i] != NULL; i++ ){
```
to
```c
for( i = 0; *(hjkl.description)[i] != NULL; i++ ){
```
That is, check for the `NULL` character in the first index of each string in the array, rather than trying to check the (impossible) condition that the char pointer itself is `NULL`.
The final, finished code:
```c
#include <stdio.h>

#define VERSION_NUMBER_LEN 32
#define MAX_DESCRIPTION_COUNT 32
#define DESCRIPTION_LEN 128

int main(void)
{
    struct foo {
        char number[VERSION_NUMBER_LEN + 1];
        char description[MAX_DESCRIPTION_COUNT][DESCRIPTION_LEN];
    };

    struct foo asdf = {
        "1.1", { "clap", "clap", "stomp", NULL }
    };

    struct foo hjkl = {
        "1.2", { "clop", "clop", "stamp", NULL }
    };

    int i;

    printf( "%s\n", asdf.number );
    for( i = 0; *(asdf.description)[i] != NULL; i++ ){
        printf( "\t%s\n", (asdf.description)[i]);
    }
    printf("\n");

    printf( "%s\n", hjkl.number );
    for( i = 0; *(hjkl.description)[i] != NULL; i++ ){
        printf( "\t%s\n", (hjkl.description)[i]);
    }
}
```
Your code would work as written if the struct looked like this:
```c
struct foo {
    char number[VERSION_NUMBER_LEN + 1];
    char *description[MAX_DESCRIPTION_COUNT];
};
```
Basically, (from what I can see) there is no real need to hard-code the actual description char arrays themselves, only their count. The rest of the code will work.
Also, if you look at the warnings during compilation (assuming `NULL` is defined as `((void *)0)`, as it is on most modern C compilers), you will get the following warnings:
```text
test.c:13:43: warning: incompatible pointer to integer conversion initializing
      'char' with an expression of type 'void *';
        "1.1", { "clap", "clap", "stomp", NULL }
                                          ^~~~
/usr/include/stdio.h:82:14: note: expanded from:
#define NULL __DARWIN_NULL
             ^
/usr/include/sys/_types.h:91:23: note: expanded from:
#define __DARWIN_NULL ((void *)0)
                      ^~~~~~~~~~~
test.c:13:43: warning: suggest braces around initialization of subobject
      [-Wmissing-braces]
        "1.1", { "clap", "clap", "stomp", NULL }
                                          ^~~~
/usr/include/stdio.h:82:14: note: expanded from:
#define NULL __DARWIN_NULL
             ^
/usr/include/sys/_types.h:91:23: note: expanded from:
#define __DARWIN_NULL ((void *)0)
                      ^~~~~~~~~~~
test.c:17:43: warning: incompatible pointer to integer conversion initializing
      'char' with an expression of type 'void *';
        "1.2", { "clop", "clop", "stamp", NULL }
                                          ^~~~
/usr/include/stdio.h:82:14: note: expanded from:
#define NULL __DARWIN_NULL
             ^
/usr/include/sys/_types.h:91:23: note: expanded from:
#define __DARWIN_NULL ((void *)0)
                      ^~~~~~~~~~~
test.c:17:43: warning: suggest braces around initialization of subobject
      [-Wmissing-braces]
        "1.2", { "clop", "clop", "stamp", NULL }
                                          ^~~~
/usr/include/stdio.h:82:14: note: expanded from:
#define NULL __DARWIN_NULL
             ^
/usr/include/sys/_types.h:91:23: note: expanded from:
#define __DARWIN_NULL ((void *)0)
                      ^~~~~~~~~~~
4 warnings generated.
```
While the macro `NULL` is intended (at least by those who first defined it) to be used specifically as a pointer value, it is frequently `#define`d with a simple:
```c
#define NULL 0
```
This may be the case for your implementation (it does not matter here except for illustration; it could be defined as `(void *)0` without changing the results below - but that would cause compile-time complaints about your initializers). Let's expand the first `for` loop above with that in mind:
```c
for (i = 0; (asdf.description)[i] != 0; i++) {
    printf( "\t%s\n", (asdf.description)[i]);
}
```
(Side note: the parentheses are not needed here, because the binding of `.` and the subscript operator is already what the parentheses force.) Each `asdf.description[i]` names an array (of size `DESCRIPTION_LEN`) of `char`. You are therefore comparing:
```c
<some array of char> != 0
```
The "value" of an array object is a pointer to the first element of the array, so this means the same as:
```c
&asdf.description[i][0] != 0
```
Comparing a pointer value (`&asdf.description[i][0]`) with the integer constant zero tests whether the pointer is NULL (not "the macro `NULL`" but "the system's internal representation of a NULL pointer"). A valid pointer never compares equal to 0, so the loop runs (effectively) "forever" (until i >= 32, of course).
Eventually a call to `printf` is passed a pointer value that causes the segmentation fault you see.
Presumably, what you really want is to initialize the array so that, after the last valid data, there is a `char` array of all zero bytes (or at least an initial zero byte). In that case the loop test should be:
```c
asdf.description[i][0] != '\0'
```
You might also want to consider the possibility that the 32-element array (of `DESCRIPTION_LEN`-sized arrays of `char`) is completely filled with valid char arrays. In that case you should check the value of `i` before looking at `asdf.description[i][anything]`:
```c
i < MAX_DESCRIPTION_COUNT && asdf.description[i][0] != '\0'
```
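The bounded loop test from the answer above, and the pointer-array layout suggested in the earlier answer, side by side as an added example (not code from the question or from any of the answers). The struct names, the `count_*` functions, `fill_all` and the sample values are assumptions made for this example; `foo_ptr` gets one extra slot so a fully populated pointer array still has room for its `NULL` terminator.

```c
#include <stdio.h>

#define VERSION_NUMBER_LEN 32
#define MAX_DESCRIPTION_COUNT 32
#define DESCRIPTION_LEN 128

/* Layout from the question: each slot is an array of char, so a slot is
 * "empty" only when its first byte is '\0'; it never compares equal to NULL. */
struct foo {
    char number[VERSION_NUMBER_LEN + 1];
    char description[MAX_DESCRIPTION_COUNT][DESCRIPTION_LEN];
};

/* Pointer layout: a NULL entry is a real terminator (+1 slot leaves room for it). */
struct foo_ptr {
    char number[VERSION_NUMBER_LEN + 1];
    const char *description[MAX_DESCRIPTION_COUNT + 1];
};

/* Bound check first, so a completely filled array never reads description[32]. */
size_t count_array_descriptions(const struct foo *f)
{
    size_t i = 0;
    while (i < MAX_DESCRIPTION_COUNT && f->description[i][0] != '\0') i++;
    return i;
}

size_t count_ptr_descriptions(const struct foo_ptr *f)
{
    size_t i = 0;
    while (i < MAX_DESCRIPTION_COUNT && f->description[i] != NULL) i++;
    return i;
}

/* Constructed samples: the question's data, plus a struct with every slot used. */
const struct foo asdf = { "1.1", { "clap", "clap", "stomp", "" } };
const struct foo_ptr asdf_ptr = { "1.1", { "clap", "clap", "stomp", NULL } };

struct foo fill_all(void)
{
    struct foo f = { "9.9", { "" } };
    for (int i = 0; i < MAX_DESCRIPTION_COUNT; i++)
        snprintf(f.description[i], DESCRIPTION_LEN, "entry-%d", i);
    return f;
}

int main(void)
{
    struct foo full = fill_all();
    printf("%zu %zu %zu\n", count_array_descriptions(&asdf),
           count_array_descriptions(&full), count_ptr_descriptions(&asdf_ptr));
}
```

Compiled with warnings enabled, neither loop draws the pointer-to-char conversion warning shown above, because nothing here compares a `char` against `NULL`.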
Notice: the technical posts on this site are published under the CC BY-SA 4.0 license. If you reproduce them, please credit this site's URL or the original article's URL. For any questions, contact: yoyou2525@163.com.