今天发现strncpy使用上的一个古怪bug, 解决了是发现对strncpy的语义理解错误。
SYNOPSIS
#include <string.h>
char *strcpy(char *dest, const char *src);
char *strncpy(char *dest, const char *src, size_t n);
DESCRIPTION
The strcpy() function copies the string pointed to by src (including
the terminating '\0' character) to the array pointed to by dest. The
strings may not overlap, and the destination string dest must be large
enough to receive the copy.
The strncpy() function is similar, except that not more than n bytes of
src are copied. Thus, if there is no null byte among the first n bytes
of src, the result will not be null-terminated.
[color=red]In the case where the length of src is less than that of n, the remain-
der of dest will be padded with null bytes.[/color]
请非常注意上面的红字:
1. 低效率的padding 因为常规情况下buffer要比实际的字符串大的多,所以无辜的填充。
2. 一旦不小心你的n 比 buffer的长度大 那就死惨了 内存狂越界写。
这种情况经常发生在你把buffer的长度改小了 但是后面的n没有相应地改。
相信很多人会遭受这个使用bug.
SYNOPSIS
#include <string.h>
char *strcpy(char *dest, const char *src);
char *strncpy(char *dest, const char *src, size_t n);
DESCRIPTION
The strcpy() function copies the string pointed to by src (including
the terminating '\0' character) to the array pointed to by dest. The
strings may not overlap, and the destination string dest must be large
enough to receive the copy.
The strncpy() function is similar, except that not more than n bytes of
src are copied. Thus, if there is no null byte among the first n bytes
of src, the result will not be null-terminated.
[color=red]In the case where the length of src is less than that of n, the remain-
der of dest will be padded with null bytes.[/color]
请非常注意上面的红字:
1. 低效率的padding 因为常规情况下buffer要比实际的字符串大的多,所以无辜的填充。
2. 一旦不小心你的n 比 buffer的长度大 那就死惨了 内存狂越界写。
这种情况经常发生在你把buffer的长度改小了 但是后面的n没有相应地改。
相信很多人会遭受这个使用bug.
3367
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
