Linux 内存调试——数组越界
#include <stdio.h>
#include <stdlib.h>
// Demo 1: the array is filled in bounds, but the print loop runs one step too far.
// The i==5 pass reads arr[5], one element past the end of the 5-element array.
// That read is undefined behavior; the value printed is whatever the neighbouring
// memory happens to hold, not 5.
int main()
{
int arr[5]={0,0,0,0,0};
int i=0;
for(i=0;i<5;i++) // in bounds: arr[5]=5 is never executed
{
arr[i]=i;
}
for(i=0;i<6;i++) // bound should be 5: the i==5 pass reads arr[5], which is outside the array
printf("arr[%d] is %d\r\n",i,arr[i]);
return 0;
}
内存调试输出:
==3410== Memcheck, a memory error detector
==3410== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
...
arr[0] is 0
arr[1] is 1
arr[2] is 2
arr[3] is 3
arr[4] is 4
==3410== Conditional jump or move depends on uninitialised value(s)
==3410== at 0x4E9896A: vfprintf (vfprintf.c:1642)
==3410== by 0x4EA0FA5: printf (printf.c:33)
==3410== by 0x1087AA: main (segFault.c:23)
==3410==
==3410== Use of uninitialised value of size 8
==3410== at 0x4E948FB: _itoa_word (_itoa.c:179)
==3410== by 0x4E97F9D: vfprintf (vfprintf.c:1642)
==3410== by 0x4EA0FA5: printf (printf.c:33)
==3410== by 0x1087AA: main (segFault.c:23)
==3410==
==3410== Conditional jump or move depends on uninitialised value(s)
==3410== at 0x4E94905: _itoa_word (_itoa.c:179)
==3410== by 0x4E97F9D: vfprintf (vfprintf.c:1642)
==3410== by 0x4EA0FA5: printf (printf.c:33)
==3410== by 0x1087AA: main (segFault.c:23)
==3410==
==3410== Conditional jump or move depends on uninitialised value(s)
==3410== at 0x4E980A4: vfprintf (vfprintf.c:1642)
==3410== by 0x4EA0FA5: printf (printf.c:33)
==3410== by 0x1087AA: main (segFault.c:23)
==3410==
==3410== Conditional jump or move depends on uninitialised value(s)
==3410== at 0x4E98BDC: vfprintf (vfprintf.c:1642)
==3410== by 0x4EA0FA5: printf (printf.c:33)
==3410== by 0x1087AA: main (segFault.c:23)
==3410==
arr[5] is 31
--3410-- REDIR: 0x4ed39c0 (libc.so.6:free) redirected to 0x4c30cd0 (free)
==3410==
==3410== HEAP SUMMARY:
==3410== in use at exit: 0 bytes in 0 blocks
==3410== total heap usage: 1 allocs, 1 frees, 1,024 bytes allocated
==3410==
==3410== All heap blocks were freed -- no leaks are possible
==3410==
==3410== Use --track-origins=yes to see where uninitialised values come from
==3410== ERROR SUMMARY: 7 errors from 5 contexts (suppressed: 0 from 0)
==3410==
==3410== 1 errors in context 1 of 5:
==3410== Conditional jump or move depends on uninitialised value(s)
==3410== at 0x4E98BDC: vfprintf (vfprintf.c:1642)
==3410== by 0x4EA0FA5: printf (printf.c:33)
==3410== by 0x1087AA: main (segFault.c:23)
==3410==
==3410==
==3410== 1 errors in context 2 of 5:
==3410== Conditional jump or move depends on uninitialised value(s)
==3410== at 0x4E980A4: vfprintf (vfprintf.c:1642)
==3410== by 0x4EA0FA5: printf (printf.c:33)
==3410== by 0x1087AA: main (segFault.c:23)
==3410==
==3410==
==3410== 1 errors in context 3 of 5:
==3410== Conditional jump or move depends on uninitialised value(s)
==3410== at 0x4E9896A: vfprintf (vfprintf.c:1642)
==3410== by 0x4EA0FA5: printf (printf.c:33)
==3410== by 0x1087AA: main (segFault.c:23)
==3410==
==3410==
==3410== 2 errors in context 4 of 5:
==3410== Conditional jump or move depends on uninitialised value(s)
==3410== at 0x4E94905: _itoa_word (_itoa.c:179)
==3410== by 0x4E97F9D: vfprintf (vfprintf.c:1642)
==3410== by 0x4EA0FA5: printf (printf.c:33)
==3410== by 0x1087AA: main (segFault.c:23)
==3410==
==3410==
==3410== 2 errors in context 5 of 5:
==3410== Use of uninitialised value of size 8
==3410== at 0x4E948FB: _itoa_word (_itoa.c:179)
==3410== by 0x4E97F9D: vfprintf (vfprintf.c:1642)
==3410== by 0x4EA0FA5: printf (printf.c:33)
==3410== by 0x1087AA: main (segFault.c:23)
==3410==
==3410== ERROR SUMMARY: 7 errors from 5 contexts (suppressed: 0 from 0)
内存调试可以检测出错误!!!
赋值时没有越界访问数组,而打印数据时越界访问了数组,Memcheck 立即报错!!!需要注意的是,上面报告的是“使用了未初始化的值”(arr[5] 对应的栈内存从未被写入),而不是数组越界本身——Memcheck 不对栈上数组和全局数组做边界检查。这种非法访问比较容易发现。下面这种就不容易发现了,因为下面这种情况程序不报错,能正常运行。
#include <stdio.h>
#include <stdlib.h>
// Demo 2: both loops run one step too far.
// The i==5 pass of the first loop writes arr[5], one element past the end of the
// 5-element array, and the second loop then reads the same location back.
// Both accesses are undefined behavior; the out-of-bounds write can silently
// overwrite whatever is stored next to the array.
int main()
{
int arr[5]={0,0,0,0,0};
int i=0;
for(i=0;i<6;i++) // bound should be 5: the i==5 pass executes arr[5]=5, writing outside the array
{
arr[i]=i;
}
for(i=0;i<6;i++) // bound should be 5: the i==5 pass reads arr[5] back, also outside the array
printf("arr[%d] is %d\r\n",i,arr[i]);
return 0;
}
内存调试输出
==3342== Memcheck, a memory error detector
==3342== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
...
This is line 15 of file segFault.c
arr[0] is 0
arr[1] is 1
arr[2] is 2
arr[3] is 3
arr[4] is 4
arr[5] is 5
--3342-- REDIR: 0x4ed39c0 (libc.so.6:free) redirected to 0x4c30cd0 (free)
==3342==
==3342== HEAP SUMMARY:
==3342== in use at exit: 0 bytes in 0 blocks
==3342== total heap usage: 1 allocs, 1 frees, 1,024 bytes allocated
==3342==
==3342== All heap blocks were freed -- no leaks are possible
==3342==
==3342== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
==3342== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
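对数组进行越界访问时,如果之前的越界赋值没有报错、也没有导致程序终止运行,那么之后读取越界位置的元素时程序依然“正常”运行:越界写入已经把 arr[5] 对应的内存变成了“已初始化”,所以 Memcheck 报告 0 个错误。数组越界并不一定导致程序崩溃,但越界写入可能悄悄改写相邻的数据,这会为以后埋下隐患。对于栈上数组的越界,可以在编译时启用 AddressSanitizer(-fsanitize=address)来检测。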