C中的内存分配运行时错误

时间:2022-09-06 15:24:07

I have created the following code, a simple brute force program for printable ascii. The user passes in the parameters for starting passphrase length and ending passphrase length. When my program runs I get the following error:

我创建了以下代码,一个用于可打印ascii的简单强力程序。用户传入参数以开始密码短语长度和结束密码短语长度。当我的程序运行时,我收到以下错误:

Input:

输入:

~$ Enter START length & END length ex:(8 10): 2 3

Output:

输出:

... (more output above)
~|
~}
~~

*** glibc detected *** ./wordgen: double free or corruption (out): 0x0916e008 ***
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(+0x6cbe1)[0x874be1]
/lib/i386-linux-gnu/libc.so.6(+0x6e50b)[0x87650b]
/lib/i386-linux-gnu/libc.so.6(cfree+0x6d)[0x87969d]
./wordgen[0x80486f4]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xe7)[0x81ee37]
./wordgen[0x8048471]
======= Memory map: ========
00110000-0012a000 r-xp 00000000 08:06 3408733    /lib/i386-linux-gnu/libgcc_s.so.1Aborted

Valgrind Output:

Valgrind输出:

==11050== Invalid read of size 1
==11050==    at 0x804866F: main (wordgen.c:37)
==11050==  Address 0x41a2027 is 1 bytes before a block of size 3 alloc'd
==11050==    at 0x4026864: malloc (vg_replace_malloc.c:236)
==11050==    by 0x8048600: main (wordgen.c:28)
==11050== 
==11050== Invalid write of size 1
==11050==    at 0x8048675: main (wordgen.c:37)
==11050==  Address 0x41a2027 is 1 bytes before a block of size 3 alloc'd
==11050==    at 0x4026864: malloc (vg_replace_malloc.c:236)
==11050==    by 0x8048600: main (wordgen.c:28)
==11050== 
==11050== Invalid read of size 1
==11050==    at 0x8048689: main (wordgen.c:38)
==11050==  Address 0x41a2027 is 1 bytes before a block of size 3 alloc'd
==11050==    at 0x4026864: malloc (vg_replace_malloc.c:236)
==11050==    by 0x8048600: main (wordgen.c:28)
==11050==

C Code:

C代码:

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int main(int argc, char *argv[]) {
  int  sLen = 1;
  int  eLen = 0;

  printf("Enter START length & END length ex:(8 10): ");
  scanf("%d %d", &sLen, &eLen);
  int cLen = sLen;
  while (cLen <= eLen) {

    /* Allocate Memory for String  & Initialize */
    char *outStr = malloc(cLen + 1);
    memset(outStr, ' ', cLen);
    outStr[cLen] = 0;

    int outerControl = 1;
    while (outerControl == 1) {
      int cMod = 1;
      int innerControl = 1;
      while(innerControl == 1) {
        outStr[cLen-cMod] += 1;
        if((int)outStr[cLen-cMod] == 127) {
          //Exit Condition Where The Error Occurred
          if(cLen - cMod == 0) { outerControl = 0;  } 
          outStr[cLen-cMod] = 32;
          cMod += 1;
        }
        else { innerControl = 0; }
      }
      printf("%s\n",outStr);
    }
    free(outStr); // Possible source of Error?
    cLen += 1;
  }

  return 0;
}

I am new to C programming and am completely baffled by this error. What does it mean? How did I create my program incorrectly? I'm assuming it has something to do with memory management...

我是C编程的新手,对这个错误感到非常困惑。这是什么意思?我是如何错误地创建程序的?我假设它与内存管理有关...

2 个解决方案

#1

3  

Your problem is:

你的问题是:

while(innerControl == 1) {
  printf("%d %d\n", cLen, cMod);
  outStr[cLen-cMod] += 1;                       // <-- this here
  if((int)outStr[cLen-cMod] == 127) {
    //Exit Condition Where The Error Occurred
    if(cLen - cMod == 0) { outerControl = 0;  }
    outStr[cLen-cMod] = 32;
    cMod += 1;
  }
  else { innerControl = 0; }
}

At some point, cMod grows to be larger than cLen, so you're accessing outStr out of its bounds (i.e.: outStr[-1]). This behavior is undefined.

在某些时候,cMod增长到大于cLen,所以你访问outStr超出它的界限(即:outStr [-1])。此行为未定义。

This condition:

这个条件:

if(cLen - cMod == 0) { outerControl = 0;  }

...seems to be there to prevent that, but will only be executed if (int)outStr[cLen-cMod] == 127. You probably should add something like:

...似乎是为了防止这种情况,但只会在(int)outStr [cLen-cMod] == 127时执行。你可能应该添加如下内容:

if (cMod > cLen)
    break;

outStr[cLen-cMod] += 1;

#2

0  

You free outStr on each pass of your while (cLen <= eLen) loop, so it would work correctly only if eLen - cLen < 1 ;)

你在while(cLen <= eLen)循环的每次传递中释放outStr,所以只有当eLen - cLen <1时它才能正常工作

Update: sorry, I was wrong -- you malloc it at each pass.

更新:对不起,我错了 - 你在每次通过时都会把它搞定。

I tried your program and it worked without any error on my mac. Try to use valgrind to find out what is happening.

我尝试了你的程序,它在我的mac上没有任何错误。尝试使用valgrind来了解发生了什么。

#1

3  

Your problem is:

你的问题是:

while(innerControl == 1) {
  printf("%d %d\n", cLen, cMod);
  outStr[cLen-cMod] += 1;                       // <-- this here
  if((int)outStr[cLen-cMod] == 127) {
    //Exit Condition Where The Error Occurred
    if(cLen - cMod == 0) { outerControl = 0;  }
    outStr[cLen-cMod] = 32;
    cMod += 1;
  }
  else { innerControl = 0; }
}

At some point, cMod grows to be larger than cLen, so you're accessing outStr out of its bounds (i.e.: outStr[-1]). This behavior is undefined.

在某些时候,cMod增长到大于cLen,所以你访问outStr超出它的界限(即:outStr [-1])。此行为未定义。

This condition:

这个条件:

if(cLen - cMod == 0) { outerControl = 0;  }

...seems to be there to prevent that, but will only be executed if (int)outStr[cLen-cMod] == 127. You probably should add something like:

...似乎是为了防止这种情况,但只会在(int)outStr [cLen-cMod] == 127时执行。你可能应该添加如下内容:

if (cMod > cLen)
    break;

outStr[cLen-cMod] += 1;

#2

0  

You free outStr on each pass of your while (cLen <= eLen) loop, so it would work correctly only if eLen - cLen < 1 ;)

你在while(cLen <= eLen)循环的每次传递中释放outStr,所以只有当eLen - cLen <1时它才能正常工作

Update: sorry, I was wrong -- you malloc it at each pass.

更新:对不起,我错了 - 你在每次通过时都会把它搞定。

I tried your program and it worked without any error on my mac. Try to use valgrind to find out what is happening.

我尝试了你的程序,它在我的mac上没有任何错误。尝试使用valgrind来了解发生了什么。

标签:

相关文章