Cannot free char pointer memory in C

Time: 2020-12-17 21:18:35

I have a problem. I'm allocating space for a char*, but when I'm trying to free the space, my program crashes.

this is the code

fullPath = (char *) malloc(strlen(path) + strlen(fileData->d_name) + 1);
if (fullPath == NULL)
{
    handleErrors(ERR_ALOCATION_CODE);
}
sprintf(fullPath, "%s/%s", path, fileData->d_name);
//... some more code, I only use fullPath, I don't change it here
free(fullPath);

The code above failed when trying to free. I would appreciate some help.

1 solution

#1


5  

You are not allocating space for the string terminating NUL character. So change allocation to this:

// allocate memory for 1st part, slash, 2nd part and terminating NUL char
fullPath = malloc(strlen(path) + 1 + strlen(fileData->d_name) + 1);

Note also, in C it's bad practice to cast return value of malloc, so I removed that.

It might be an improvement to use snprintf, in case you calculate the length wrong, though it might be a matter of opinion in this case. Anyway, then the code would become

// size for 1st part, slash, 2nd part and terminating NUL char
size_t bufsize = strlen(path) + 1 + strlen(fileData->d_name) + 1;
fullPath = malloc(bufsize);
//...
snprintf(fullPath, bufsize, "%s/%s", path, fileData->d_name);

Then a bug would not cause undefined behavior, but instead produce a path with chars chopped off from the end. This is a much nicer error situation (file not found error, for example) than a random crash, not to mention much easier to debug, when you can print the file name and see how it's not right.

Some explanation: In the question code, because you allocate 1 byte too little, you cause a buffer overflow, which is undefined behavior, so basically anything can happen. For a 1 byte buffer overflow, it'd be quite possible that nothing bad would happen, as there might be unused bytes at the end of the allocation. So in a way you got really lucky to catch this so early. You can imagine how hard it is to find a bug when the program crashes only when the string length is an exact multiple of 16 and works otherwise... Fortunately there are tools for detecting stuff like this, but the best defence is to be a pedantic C programmer, who strives to write good code...
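A fuller version of the snprintf approach from the answer above, as an added example that is not part of the original answer. The helper names join_path and joined_size and the sample strings are assumptions; the helper also checks snprintf's return value, so a wrong size is reported as an error rather than as a silently shortened path.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes needed for "dir/name" plus the terminating NUL.
 * Returns 0 if the sum would overflow size_t. */
size_t joined_size(const char *dir, const char *name)
{
    size_t a = strlen(dir), b = strlen(name);
    if (a > SIZE_MAX - 2 || b > SIZE_MAX - 2 - a)
        return 0;
    return a + 1 + b + 1;   /* dir + '/' + name + NUL */
}

/* Hypothetical helper: returns a malloc'd "dir/name", or NULL on
 * allocation failure, size overflow, or unexpected truncation.
 * The caller frees the result. */
char *join_path(const char *dir, const char *name)
{
    size_t bufsize = joined_size(dir, name);
    if (bufsize == 0)
        return NULL;

    char *full = malloc(bufsize);
    if (full == NULL)
        return NULL;

    /* snprintf returns the length it wanted to write (without the NUL);
     * a value >= bufsize means the output was truncated. */
    int n = snprintf(full, bufsize, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= bufsize) {
        free(full);
        return NULL;
    }
    return full;
}

int main(void)
{
    /* Constructed sample input. */
    char *p = join_path("/tmp/data", "report.txt");
    if (p == NULL)
        return 1;
    printf("%s\n", p);
    free(p);
    return 0;
}
```

AddressSanitizer (-fsanitize=address in GCC and Clang) is one of the tools that reports this kind of heap overflow at the point of the write instead of at a later free.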
