Re: memory clobber

Discussion in 'C Programming' started by Barry Schwarz, Jul 1, 2003.

  1. On Mon, 30 Jun 2003 15:26:11 GMT, Jeff <> wrote:

    >Hello,
    >
    >I was wondering if I could get another set of eyes to look at this. I've
    >been staring at it too long and I'm certain that I'm missing something
    >obvious. The x*alloc functions are wrappers around *alloc and they add
    >error handling. "this->files" is a char**;
    >
    >void
    >increment_keys( CONF this, char *key )
    >{
    > int x = 0;
    > char **tmp;
    > if(!strncasecmp(key, "mail:addr", 9)){
    > this->esize ++;
    > tmp = xrealloc(this->email, this->esize * sizeof *this->email);
    > if( tmp ){
    > this->email = tmp;
    > this->email[this->esize -1] = xmalloc(strlen(key));
    > strncpy(this->email[this->esize -1], key, strlen(key));


    This guarantees that this->email will not point to a string (because
    you have not allocated space for nor copied the terminating '\0'). Is
    this what you really intended?

    > }
    > }
    > if(!strncasecmp(key, "file", 4)){
    > if(this->fsize > 0){
    > for( x = 0; x < this->fsize; x++ ){
    > if(this->files[x] != NULL && !strncasecmp(this->files[x], key,5))
    > return;
    > }
    > }
    > this->fsize ++;
    > tmp = xrealloc(this->files, this->fsize * sizeof *this->files);
    > if( tmp ){
    > this->files = tmp;
    > this->files[this->fsize -1] = xmalloc(strlen(key));
    > /**
    > * We clobber memory the fourth time I invoke xrealloc
    > * above and assign key to this->files[3]
    > */
    > strncpy(this->files[this->fsize -1], key, strlen(key));


    Ditto. In this case you definitely want a string for the following
    printf. You need something like

    this->files[this->fsize-1] = xmalloc(strlen(key)+1);
    strcpy(this->files[this->fsize-1], key);

    > printf("inc: %s\n", this->files[this->fsize -1]);


    this->files does not have a terminating '\0'; it is not a string. You
    cannot print it with %s. You have invoked undefined behavior.

    > }
    > }
    > return;
    >}




    <<Remove the del for email>>
     
    Barry Schwarz, Jul 1, 2003
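The missing terminator discussed in the reply above, as an added example that is not part of the original thread. The `keylist` struct, the function names and the sample key are hypothetical, and plain `malloc`/`realloc` stand in for the poster's `x*alloc` wrappers.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct keylist { char **items; size_t count; }; /* hypothetical stand-in for the files array */

/* Same copy as in the post, into a buffer one byte larger and pre-filled with 0xAA,
 * so the terminator slot can be read in bounds. Returns that byte, -1 on failure. */
int byte_after_strncpy(const char *key)
{
    size_t n = strlen(key);
    unsigned char *buf = malloc(n + 1);
    int last;
    if (!buf) return -1;
    memset(buf, 0xAA, n + 1);
    strncpy((char *)buf, key, n);      /* copies n chars, writes no '\0' */
    last = buf[n];
    free(buf);
    return last;
}

/* Corrected append: room for the terminator, count bumped only on success. */
int keylist_add(struct keylist *kl, const char *key)
{
    size_t n = strlen(key) + 1;        /* +1 for '\0' */
    char *copy = malloc(n), **tmp;
    if (!copy) return -1;
    memcpy(copy, key, n);              /* includes the terminator */
    tmp = realloc(kl->items, (kl->count + 1) * sizeof *kl->items);
    if (!tmp) { free(copy); return -1; }
    kl->items = tmp;
    kl->items[kl->count++] = copy;
    return 0;
}

void keylist_free(struct keylist *kl)
{
    while (kl->count) free(kl->items[--kl->count]);
    free(kl->items);
    kl->items = NULL;
}

int main(void)
{
    struct keylist kl = { NULL, 0 };
    if (keylist_add(&kl, "file4") == 0)   /* constructed sample key */
        printf("inc: %s (slot after strncpy: 0x%02X)\n", kl.items[0], (unsigned)byte_after_strncpy("file4"));
    keylist_free(&kl);
    return 0;
}
```

In the original code the buffer is only `strlen(key)` bytes long, so the slot inspected here lies outside the allocation and `printf("%s")` reads past its end.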