Why am I getting a buffer overflow in this code?

Question   Votes: 1   Answers: 1
typedef struct
{
    int top;
    char *arr;
}adjacent;

char *removeDuplicates(char * S)
{
    int count = 0;
    adjacent *ptr = malloc(sizeof(adjacent));
    ptr->top = 0;
    ptr->arr = malloc(sizeof(char) * strlen(S));

    ptr->arr[0] = S[0];
    for(int i = 1; i < strlen(S); i++)
    {
        if(ptr->arr[ptr->top] == S[i])
        {
            count--;
            ptr->top = (ptr->top) - 1;
        }
        else
        {
            count++;
            ptr->top = (ptr->top) + 1;
            ptr->arr[ptr->top] = S[i];
        }
    }
    ptr->arr[count + 1] = '\0';
    return ptr->arr;
}

The error I get is on leetcode.com. The problem is to remove all adjacent duplicates from a string. Given a string S of lowercase letters, a duplicate removal consists of choosing two adjacent and equal letters and removing them.

We repeatedly make duplicate removals on S until we no longer can.

Return the final string after all such duplicate removals have been made. It is guaranteed that the answer is unique.

Error:

Runtime Error
=================================================================
==29==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000004f at pc 0x0000004018ae bp 0x7ffed3a16300 sp 0x7ffed3a162f8
READ of size 1 at 0x60200000004f thread T0
    #2 0x7f9d2765f2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
0x60200000004f is located 1 bytes to the left of 6-byte region [0x602000000050,0x602000000056)
allocated by thread T0 here:
    #0 0x7f9d28ae92b0 in malloc (/usr/local/lib64/libasan.so.5+0xe82b0)
    #3 0x7f9d2765f2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
Shadow bytes around the buggy address:
  0x0c047fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c047fff8000: fa fa 07 fa fa fa 00 00 fa[fa]06 fa fa fa fa fa
  0x0c047fff8010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==29==ABORTING
c string pointers stack buffer-overflow
1 answer
0 votes

First of all, there is absolutely no reason to use a separate struct here. The way you use it, you even introduce a bug, because ptr is never free'd, and it only makes the code look unnecessarily cluttered.

Also, you need to leave room for the string terminator.

Code with the above fixed:

#include <stdlib.h>
#include <string.h>

char *removeDuplicates(char * S)
{
    int count = 0;
    int top = 0;
    /* strlen(S) characters plus one byte for the '\0' terminator */
    char *arr = malloc(sizeof(*arr) * (strlen(S)+1));

    arr[0] = S[0];
    for(int i = 1; i < strlen(S); i++)
    {
        if(arr[top] == S[i])
        {
            count--;
            top--;
        }
        else
        {
            count++;
            top++;
            arr[top] = S[i];
        }
    }
    arr[count + 1] = '\0';
    return arr;
}

Much cleaner.
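The AddressSanitizer report in the question says the read happened "1 bytes to the left of" the allocated region, which is what happens when the stack has been emptied (top has gone to -1) and the loop still compares arr[top] with the next character; input such as "aab" reaches that state. The answer's point about the terminator byte is a separate, write-side issue. The following is an added example, not code from the question or the answer, that folds both fixes into one function: it uses an unsigned stack depth so no index can ever be negative, checks for an empty stack before comparing, allocates strlen(S)+1 bytes, and handles an empty input string. The name removeDuplicatesSafe and the check helper are this example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stack-based adjacent-duplicate removal with bounds kept in range.
 * Returns a heap-allocated string the caller must free, or NULL if
 * malloc fails. The output is never longer than the input, so n + 1
 * bytes is always enough. */
char *removeDuplicatesSafe(const char *S)
{
    size_t n = strlen(S);
    char *arr = malloc(n + 1);          /* n characters + '\0' */
    if (arr == NULL)
        return NULL;

    size_t top = 0;                     /* number of characters on the stack */
    for (size_t i = 0; i < n; i++) {
        /* Compare only when the stack is non-empty. Without this guard the
         * comparison reads one byte before the buffer, which is the
         * heap-buffer-overflow READ that AddressSanitizer reported. */
        if (top > 0 && arr[top - 1] == S[i])
            top--;                      /* pop: the pair cancels out */
        else
            arr[top++] = S[i];          /* push the character */
    }
    arr[top] = '\0';                    /* index top <= n, inside the allocation */
    return arr;
}

/* Test helper: 1 if removeDuplicatesSafe(input) equals expected, else 0. */
int check(const char *input, const char *expected)
{
    char *out = removeDuplicatesSafe(input);
    if (out == NULL)
        return 0;
    int ok = strcmp(out, expected) == 0;
    free(out);
    return ok;
}

int main(void)
{
    /* Constructed inputs: the LeetCode example, plus the cases that empty
     * the stack mid-way and the empty string. */
    const char *cases[][2] = {
        {"abbaca", "ca"},
        {"azxxzy", "ay"},
        {"aab",    "b"},
        {"aa",     ""},
        {"",       ""},
    };
    size_t ncases = sizeof(cases) / sizeof(cases[0]);
    for (size_t i = 0; i < ncases; i++) {
        char *out = removeDuplicatesSafe(cases[i][0]);
        printf("\"%s\" -> \"%s\" (%s)\n", cases[i][0], out ? out : "(null)",
               check(cases[i][0], cases[i][1]) ? "ok" : "MISMATCH");
        free(out);
    }
    return 0;
}
```

Compiling with -fsanitize=address and running the "aab" case is a quick way to confirm the guard matters: the original code trips the sanitizer on it, this version does not.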
