Data type:
```c
#include <stdio.h>
#include <string.h>

struct TalkFrame
{
    char cFlag[16];
    unsigned __int32 iCom;   /* MSVC-specific 32-bit unsigned type */
    unsigned __int32 iLen;
};

/* TC_NORMAL_TALK is not defined in the post; the value here is a placeholder */
#define TC_NORMAL_TALK 1

int main(void)
{
    char buffer[32];
    memset(buffer, 0, 32);
    struct TalkFrame *frame;
    frame = (struct TalkFrame *)buffer;
    sprintf(frame->cFlag, "TalkFrame");
    frame->iLen = 0;
    frame->iCom = TC_NORMAL_TALK;
    return 0;
}
```
Taking byte alignment into account, the size of TalkFrame is 32*3=96, while `char buffer[32];` has a size of 32. So after `frame = (struct TalkFrame *)buffer;`, the memory that frame points to is 32 bits (buffer's memory is smaller than the memory frame needs). If we then write

    frame->iLen = 0;
    frame->iCom = TC_NORMAL_TALK;

wouldn't that go out of bounds (beyond the memory that buffer points to)?
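An added check, not part of the original post, that measures the actual layout of TalkFrame with sizeof and offsetof and only performs the two field writes once they are confirmed to land inside the buffer. It assumes uint32_t in place of MSVC's unsigned __int32 (both 4 bytes wide, 4-byte aligned) and uses a placeholder value for TC_NORMAL_TALK, which the post does not give.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same field layout as the struct in the post; uint32_t stands in for
 * MSVC's unsigned __int32 (assumption: 4 bytes wide, 4-byte aligned). */
struct TalkFrame {
    char cFlag[16];
    uint32_t iCom;
    uint32_t iLen;
};
#define TC_NORMAL_TALK 1u   /* placeholder: the post does not give its value */

/* 1 if a TalkFrame overlaid at the start of a buf_size-byte buffer keeps
 * every field, through the last byte of iLen, inside that buffer. */
int frame_fits_in_buffer(size_t buf_size)
{
    size_t iLen_end = offsetof(struct TalkFrame, iLen) + sizeof(uint32_t);
    return sizeof(struct TalkFrame) <= buf_size && iLen_end <= buf_size;
}

/* The post's sequence, guarded by the bounds check. Returns the bytes the
 * overlay occupies (sizeof the struct), or 0 if the buffer is too small. */
size_t fill_frame(char *buffer, size_t buf_size)
{
    struct TalkFrame *frame;
    if (!frame_fits_in_buffer(buf_size))
        return 0;                           /* refuse rather than overrun */
    memset(buffer, 0, buf_size);
    frame = (struct TalkFrame *)buffer;
    /* snprintf instead of the post's sprintf, so cFlag itself cannot overflow */
    snprintf(frame->cFlag, sizeof frame->cFlag, "TalkFrame");
    frame->iLen = 0;
    frame->iCom = TC_NORMAL_TALK;
    return sizeof(struct TalkFrame);
}

/* Runs the sequence on a local 32-byte buffer and reads iCom back from the
 * raw bytes at its computed offset; returns 0 if the frame did not fit. */
uint32_t demo_read_back_iCom(void)
{
    char buffer[32];
    uint32_t v = 0;
    if (fill_frame(buffer, sizeof buffer) == 0)
        return 0;
    memcpy(&v, buffer + offsetof(struct TalkFrame, iCom), sizeof v);
    return v;
}
```

Printing sizeof(struct TalkFrame) and the two offsetof values shows exactly how many of the 32 bytes the overlay uses.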