#include <stdio.h>
#include <stdlib.h>
#include <string.h>
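/*
 * Fixed-size header followed by a variable-length tail.
 *
 * The byte counts after each member are the original author's notes; they
 * appear to assume a 32-bit target (4-byte int and pointer) -- confirm for
 * your ABI, sizeof(struct foo) is what the program actually prints.
 */
struct foo {
    int a;      /* author's note: 4 bytes */
    char b[6];  /* 6 bytes; the note says 8, presumably counting padding before p */
    char *p;    /* author's note: 4 bytes; main() points it at a separate heap buffer */
    /*
     * C99 flexible array member (was the GNU zero-length form c[0]).
     * It adds no storage of its own: the caller must allocate
     * sizeof(struct foo) + count * sizeof c[0] and never index past count.
     */
    char c[];
};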
/* Number of trailing elements main() allocates after struct foo. */
enum { EXPAND_MEM = 15 };
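/*
 * Demo of a struct with a trailing variable-length array: allocates the
 * header and EXPAND_MEM tail elements in one block, fills and prints the
 * tail, then attaches and prints a second heap buffer through pf->p.
 *
 * Returns 0 on success; exits with EXIT_FAILURE if an allocation fails.
 */
int main(void)
{
    /* sizeof yields size_t, whose conversion is %zu; %u is a type mismatch. */
    printf("size =%zu\n", sizeof(struct foo));

    /*
     * Size the tail from the element type of pf->c so the allocation and the
     * write loop below cannot drift apart if that type ever changes.
     *
     * Earlier version, kept from the original author's note:
     *   struct foo *pf = (struct foo*)malloc(sizeof(struct foo)+EXPAND_MEM);
     * The author recorded that the later assignments ran out of bounds with
     * it; that is the outcome whenever the tail element is wider than one
     * byte and the count is not multiplied by the element size.
     */
    struct foo *pf = malloc(sizeof *pf + EXPAND_MEM * sizeof pf->c[0]);
    if (pf == NULL) {
        printf("there is not enough memory!\n");
        exit(EXIT_FAILURE);
    }

    /* Bounded copy: "hello" plus its terminator exactly fills b[6]. */
    snprintf(pf->b, sizeof pf->b, "%s", "hello");
    /* %p requires a void * argument. */
    printf("pf->b :%s,pf :%p\n", pf->b, (void *)pf);

    /* Fill the tail; the bound is the same count used for the allocation. */
    for (int i = 0; i < EXPAND_MEM; i++) {
        pf->c[i] = (char)i;
    }

#if 1
    /* b is printed again to show the tail writes did not touch it. */
    printf("pf->b :%s,pf :%p\n", pf->b, (void *)pf);
    printf("pf->c=[");
    for (int i = 0; i < EXPAND_MEM; i++) {
        printf("%d ", pf->c[i]);
    }
    printf("]\n");
#endif

    /* Separate zero-filled buffer of EXPAND_MEM bytes reached through p. */
    pf->p = calloc(EXPAND_MEM, sizeof *pf->p);
    if (pf->p == NULL) {
        printf("there is not enough memory!\n");
        free(pf);
        exit(EXIT_FAILURE);
    }

    /* Bounded by the buffer's real size; the text needs 13 of the 15 bytes. */
    snprintf(pf->p, EXPAND_MEM, "%s", "I LOVE Linux");
    printf("pf->p %s\n", pf->p);

    /* Free the inner buffer first: pf->p is unreachable once pf is freed. */
    free(pf->p);
    free(pf);
    return 0;
}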