65,186
社区成员
发帖
与我相关
我的任务
分享strcpy的越界问题
void test1()
{
char string[10];
char* str = "0123456789";
strcpy(string, str);
std::cout << string << std::endl;
}
strcpy函数中while((*address++ = *strSrc++) != '\0'); address与strDest指向同一个地址,
那么上面的test1函数中在&string+1处的值不是改变成了'\0'了么?为什么不发生运行时错误?
{
char string[10];
char* str = "0123456789";
strcpy(string, str);
std::cout << string << std::endl;
}
strcpy函数中while((*address++ = *strSrc++) != '\0'); address与strDest指向同一个地址,
那么上面的test1函数中在&string+1处的值不是改变成了'\0'了么?为什么不发生运行时错误?
...全文
请发表友善的回复…
发表回复
mengxiangying504 2008-12-06
- 打赏
- 举报
我问的问题是为什么数组越界了,却可以输出正确的结果...
mengxiangying504 2008-12-06
- 打赏
- 举报
先改正一下“address与strDest指向同一个地址”,我写错,应该是*address和*strDest相等。
另外:我的程序运行是没有发生运行时错误的...何解
另外:我的程序运行是没有发生运行时错误的...何解
xxgamexx 2008-12-06
- 打赏
- 举报
[Quote=引用 10 楼 mengxiangying504 的回复:]
我问的问题是为什么数组越界了,却可以输出正确的结果...
[/Quote]
1,语言不对数组越界进行审查
2,你这里只是的破换了一个指向常量的指针(也就是 char* str = "0123456789";)
,并不构成什么太大的危险~
你可以试试破坏一个堆指针。
我问的问题是为什么数组越界了,却可以输出正确的结果...
[/Quote]
1,语言不对数组越界进行审查
2,你这里只是的破换了一个指向常量的指针(也就是 char* str = "0123456789";)
,并不构成什么太大的危险~
你可以试试破坏一个堆指针。
once_and_again 2008-12-06
- 打赏
- 举报
The strncpy() function is similar, except that not more than n bytes of
src are copied. Thus, if there is no null byte among the first n bytes
of src, the result will not be null-terminated.
src are copied. Thus, if there is no null byte among the first n bytes
of src, the result will not be null-terminated.
once_and_again 2008-12-06
- 打赏
- 举报
The strcpy() function copies the string pointed to by src (including
the terminating ‘\0’ character) to the array pointed to by dest. The
strings may not overlap, and the destination string dest must be large
enough to receive the copy.
the terminating ‘\0’ character) to the array pointed to by dest. The
strings may not overlap, and the destination string dest must be large
enough to receive the copy.
winingsky 2008-12-06
- 打赏
- 举报
[Quote=引用 6 楼 wanfustudio 的回复:]
缺少保护意识。
|
|2.1 Memory Copy
| ex_1.
| char *p = MALLOC(10);
| MEMCPY(p, "123456789",9);
|
| p
| -----------------------------------------
| | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | ? |
| -----------------------------------------
| ^ …
[/Quote]
UP!
缺少保护意识。
|
|2.1 Memory Copy
| ex_1.
| char *p = MALLOC(10);
| MEMCPY(p, "123456789",9);
|
| p
| -----------------------------------------
| | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | ? |
| -----------------------------------------
| ^ …
[/Quote]
UP!
NKLoveRene 2008-12-06
- 打赏
- 举报
strncpy
bfhtian 2008-12-05
- 打赏
- 举报
up ls
wangyaosuper 2008-12-05
- 打赏
- 举报
[Quote=引用 3 楼 SearchLife 的回复:]
void test1()
{
char string[10]; //应为char string[11];"0123456789"后有一个'\0'
char* str = "0123456789";
strcpy(string, str);
std::cout < < string < < std::endl;
}
[/Quote]
正解
void test1()
{
char string[10]; //应为char string[11];"0123456789"后有一个'\0'
char* str = "0123456789";
strcpy(string, str);
std::cout < < string < < std::endl;
}
[/Quote]
正解
飞哥 2008-12-05
- 打赏
- 举报
缺少保护意识。
|
|2.1 Memory Copy
| ex_1.
| char *p = MALLOC(10);
| MEMCPY(p, "123456789",9);
|
| p
| -----------------------------------------
| | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | ? |
| -----------------------------------------
| ^
| |
| p[9]
|
| if you do "STRLEN(p) = ?" are you sure it is 9?
|
| ex_2.
| char *p = MALLOC(10);
| MEMCPY(p, "1234567890",10);
|
| p
| -----------------------------------------
| | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 0 | ? | ? | ? |
| -----------------------------------------
| ^
| |
| p[9]
|
| if you do "STRLEN(p) = ?" are you sure it is 10?
|
| Solution:
| const int MAX_SIZE_FOR_THIS_EX 10
|
| char *p = MALLOC(MAX_SIZE_FOR_THIS_EX + 1); // 1 more room needed.
| MEMSET(, 0x0, MAX_SIZE_FOR_THIS_EX + 1); // set to zero for all
| MEMCPY(p, "123456789",MAX_SIZE_FOR_THIS_EX);// copy size
|
|2.1 Memory Copy
| ex_1.
| char *p = MALLOC(10);
| MEMCPY(p, "123456789",9);
|
| p
| -----------------------------------------
| | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | ? |
| -----------------------------------------
| ^
| |
| p[9]
|
| if you do "STRLEN(p) = ?" are you sure it is 9?
|
| ex_2.
| char *p = MALLOC(10);
| MEMCPY(p, "1234567890",10);
|
| p
| -----------------------------------------
| | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 0 | ? | ? | ? |
| -----------------------------------------
| ^
| |
| p[9]
|
| if you do "STRLEN(p) = ?" are you sure it is 10?
|
| Solution:
| const int MAX_SIZE_FOR_THIS_EX 10
|
| char *p = MALLOC(MAX_SIZE_FOR_THIS_EX + 1); // 1 more room needed.
| MEMSET(, 0x0, MAX_SIZE_FOR_THIS_EX + 1); // set to zero for all
| MEMCPY(p, "123456789",MAX_SIZE_FOR_THIS_EX);// copy size
zxianrong 2008-12-05
- 打赏
- 举报
其实是越界的吧,编译器的缘故,多给了两个CHAR ,长度定义为9也不错,8就错了。
xxgamexx 2008-12-05
- 打赏
- 举报
1,address与strDest指向同一个地址
指向了同一地址???
怎么会?
2,&string+1 指向的应该是*str的栈地址。
而strcpy(string, str); 函数过后,破换了*str地址,导致程序会发生严重错误!
如下代码:
指向了同一地址???
怎么会?
2,&string+1 指向的应该是*str的栈地址。
而strcpy(string, str); 函数过后,破换了*str地址,导致程序会发生严重错误!
如下代码:
[root@localhost ~]# cat 1123.cpp && ./1123
#include <iostream>
#include <string.h>
int main()
{
char string[10];
char* str = "0123456789";
strcpy(string, str);
std::cout <<*(&string+1) << std::endl;
std::cout<<str<<std::endl;
return 0;
}
U��S���H����t�H�f���������u���[]���U��S��
[root@localhost ~]#
SearchLife 2008-12-05
- 打赏
- 举报
void test1()
{
char string[10]; //应为char string[11];"0123456789"后有一个'\0'
char* str = "0123456789";
strcpy(string, str);
std::cout < < string < < std::endl;
}
{
char string[10]; //应为char string[11];"0123456789"后有一个'\0'
char* str = "0123456789";
strcpy(string, str);
std::cout < < string < < std::endl;
}
子晞 2008-12-05
- 打赏
- 举报
http://topic.csdn.net/t/20060416/14/4690289.html
机智的呆呆 2008-12-05
- 打赏
- 举报
0字符的assic码是48
\0字符的是0怎么会是一样的?
\0字符的是0怎么会是一样的?
