18,356
社区成员
发帖
与我相关
我的任务
分享VS中 MFC通信 调试时候基于堆栈的缓冲区溢出
请教各位前辈,
0x00007FF7A0F1012C 处有未经处理的异常(在 Client.exe 中): 堆栈 Cookie 检测代码检测到基于堆栈的缓冲区溢出。
在调用堆栈中查到自己代码部分如下图
箭头在最后一个括号前,那这个错误是在哪?
...全文
请发表友善的回复…
发表回复
qq_33379709 2017-12-26
- 打赏
- 举报
我觉得
strcpy(tempName, wsabuf[1].buf);
strcpy(tempCorX, wsabuf[2].buf);
strcpy(tempCorY, wsabuf[3].buf);
strcpy(tempXSpeed, wsabuf[4].buf);
strcpy(tempYSpeed, wsabuf[5].buf);
这种很可疑
赵4老师 2017-12-24
- 打赏
- 举报
其实电脑开机后物理内存的每个字节中都有值且都是可读写的,从来不会因为所谓的new、delete或malloc、free而被创建、销毁。区别仅在于操作系统内存管理模块在你读写时是否能发现并是否采取相应动作而已。操作系统管理内存的粒度不是字节而是页,一页通常为4KB。
zgl7903 2017-12-22
- 打赏
- 举报
for (int i = 0; i < MESS_KIND; i++)
{
wsabuf[i].buf = new char[BUF_LEN];
wsabuf[i].len = BUF_LEN;
}
err = WSARecv(m_socket, wsabuf, MESS_LEN, &dwRead, &dwFlag, NULL, NULL);
//上面分配BUF_LEN 读取 MESS_LEN , 如果 MESS_LEN 大于 BUF_LEN 时会存在越界覆盖问题
wyx234k 2017-12-22
- 打赏
- 举报
是这样啊,但是定位到我的代码的时候是指在括号位置
赵4老师 2017-12-22
- 打赏
- 举报
崩溃的时候在弹出的对话框按相应按钮进入调试,按Alt+7键查看Call Stack即“调用堆栈”里面从上到下列出的对应从里层到外层的函数调用历史。双击某一行可将光标定位到此次调用的源代码或汇编指令处,看不懂时双击下一行,直到能看懂为止。
wyx234k 2017-12-22
- 打赏
- 举报
这个问题有时候一会就出现出现,有时候运行很长时间才出现
我觉得是这部分代码的问题
strcpy(tempName, wsabuf[1].buf);
strcpy(tempCorX, wsabuf[2].buf);
strcpy(tempCorY, wsabuf[3].buf);
strcpy(tempXSpeed, wsabuf[4].buf);
strcpy(tempYSpeed, wsabuf[5].buf);
strcpy将数组复制给数组的问题,可是调试中断点看数据也没看出什么来
@zgl7903 您看呢?
@zgl7903 您看呢?wyx234k 2017-12-22
- 打赏
- 举报
代码改成下面还是同样的错误
for (int i = 0; i < MESS_KIND; i++)
{
wsabuf[i].buf = new char[BUF_LEN];
wsabuf[i].len = BUF_LEN;
}
err = WSARecv((SOCKET)wParam, wsabuf, MESS_KIND, &dwRead, &dwFlag, NULL, NULL);
WSARecv的第三个参数 MESS_KIND是WSABUF结构个数,BUF_LEN是数组中元素可接收长度
zgl7903 2017-12-20
- 打赏
- 举报
wsabuf 是怎么分配的?
wyx234k 2017-12-20
- 打赏
- 举报
@zgl7903
wsabuf[0]来存命令
wsabuf[1]来存名字
wsabuf[2]用来存x坐标
wsabuf[3]用来存y坐标
wsabuf[4]、wsabuf[5]分别用来存x,y方向的速度。
MESS_KIND 为10 MESS_LEN 为6
wyx234k 2017-12-20
- 打赏
- 举报
LRESULT CTCPClientView::OnSock(WPARAM wParam, LPARAM lParam)
{
switch (LOWORD(lParam))
{
case FD_READ:
{
WSABUF wsabuf[MESS_KIND];
DWORD dwRead;
DWORD dwFlag = 0;
int err;
for (int i = 0; i < MESS_KIND; i++)
{
wsabuf[i].buf = new char[BUF_LEN];
wsabuf[i].len = BUF_LEN;
}
err = WSARecv(m_socket, wsabuf, MESS_LEN, &dwRead, &dwFlag, NULL, NULL);
if (err == SOCKET_ERROR)
{
MessageBox("接收数据失败!", "提示");
return 1;
}
if (strcmp(wsabuf[0].buf, "error") == 0) //strcmp函数对字符的ASCII码进行比较,相同为0
{
MessageBox(wsabuf[1].buf, "错误");
closesocket(m_socket);
if (FALSE == InitSocket())
{
MessageBox("初始化socket失败!", "提示");
return 1;
}
pConectDlg->ShowWindow(SW_SHOW);
return 1;
}
if (strcmp(wsabuf[0].buf, "ready") == 0)
{
char tempName[BUF_LEN];
char tempCorX[BUF_LEN], tempCorY[BUF_LEN];
char tempXSpeed[BUF_LEN], tempYSpeed[BUF_LEN];
strcpy(tempName, wsabuf[1].buf);
strcpy(tempCorX, wsabuf[2].buf);
strcpy(tempCorY, wsabuf[3].buf);
strcpy(tempXSpeed, wsabuf[4].buf);
strcpy(tempYSpeed, wsabuf[5].buf);
//Sleep(50);
map<CString, CClient *>::iterator tempIter;
tempIter = clientTable.find((CString)tempName);
if (tempIter == clientTable.end())
{
CClient *newClient = new CClient;
newClient->m_name = (CString)tempName;
//MessageBox(tempName);
sscanf(tempCorX, "%lf", &(newClient->center.x));
sscanf(tempCorY, "%lf", &(newClient->center.y));
sscanf(tempXSpeed, "%lf", &(newClient->m_speed.xspeed));
sscanf(tempYSpeed, "%lf", &(newClient->m_speed.yspeed));
clientTable[(CString)tempName] = newClient;
}
else
{
//MessageBox(tempName);
CClient *nowClient = tempIter->second;
sscanf(tempCorX, "%lf", &(nowClient->center.x));
sscanf(tempCorY, "%lf", &(nowClient->center.y));
sscanf(tempXSpeed, "%lf", &(nowClient->m_speed.xspeed));
sscanf(tempYSpeed, "%lf", &(nowClient->m_speed.yspeed)); //sscanf指定格式读取
}
//MessageBox("ready!");
if (strcmp(wsabuf[1].buf, CTCPClientApp::myName) == 0)
{
pReadyDia = new CReadyDialog;
pReadyDia->DoModal();
}
}
for (int i = 0; i < MESS_KIND; i++)
{
if (strcmp(wsabuf[i].buf, "go") == 0)
{
if (pReadyDia != NULL)
{
pReadyDia->m_timeText.SetWindowText("倒计时: 3s开始!");
Sleep(1000);
pReadyDia->m_timeText.SetWindowText("倒计时: 2s开始!");
Sleep(1000);
pReadyDia->m_timeText.SetWindowText("倒计时: 1s开始!");
Sleep(1000);
//计时模块
CMainFrame *pFrame = (CMainFrame*)(AfxGetApp()->m_pMainWnd);
pFrame-> SetTimer(4, 1000, NULL);
pReadyDia->EndDialog(0);
pReadyDia = NULL;
}
}
}
if (strcmp(wsabuf[0].buf, "coordinate") == 0)
{
a = 1;
char tempName[BUF_LEN];
char tempCorX[BUF_LEN], tempCorY[BUF_LEN];
char tempXSpeed[BUF_LEN], tempYSpeed[BUF_LEN];
strcpy(tempName, wsabuf[1].buf);
strcpy(tempCorX, wsabuf[2].buf);
strcpy(tempCorY, wsabuf[3].buf);
strcpy(tempXSpeed, wsabuf[4].buf);
strcpy(tempYSpeed, wsabuf[5].buf);
//MessageBox(tempName);
map<CString, CClient *>::iterator tempIter;
tempIter = clientTable.find((CString)tempName);
if (tempIter == clientTable.end())
{
CClient *newClient = new CClient;
newClient->m_name = (CString)tempName;
//MessageBox(tempName);
sscanf(tempCorX, "%lf", &(newClient->center.x));
sscanf(tempCorY, "%lf", &(newClient->center.y));
sscanf(tempXSpeed, "%lf", &(newClient->m_speed.xspeed));
sscanf(tempYSpeed, "%lf", &(newClient->m_speed.yspeed));
clientTable[(CString)tempName] = newClient;
}
else
{
//MessageBox(tempName);
CClient *nowClient = tempIter->second;
sscanf(tempCorX, "%lf", &(nowClient->center.x));
sscanf(tempCorY, "%lf", &(nowClient->center.y));
sscanf(tempXSpeed, "%lf", &(nowClient->m_speed.xspeed));
sscanf(tempYSpeed, "%lf", &(nowClient->m_speed.yspeed));
}
}
if (strcmp(wsabuf[0].buf, "quit") == 0)
{
//MessageBox("用户退出!");
map<CString, CClient *>::iterator tempIter;
tempIter = clientTable.find((CString)wsabuf[1].buf);
//调试信息
//CString a = (CString)wsabuf[1].buf;
//printf("%s 已退出", a);
if (tempIter != clientTable.end())
{
delete tempIter->second;
clientTable.erase(tempIter);
}
}
for (int i = 0; i < MESS_KIND; i++)
delete[] wsabuf[i].buf;
break;
}
}
return 0;
}
