Possible Buffer Overrun
<p>I'm having an infuriating issue here where I'm crashing on <code>malloc</code>/<code>calloc</code>/<code>strdup</code>, and I'm currently assuming that it's because of a buffer overrun somewhere.</p>
<p>I'm finding this very difficult to track down and I was wondering if any of you can offer me a hand. I'll post code snippets here, and link to the full source.</p>
<p><strong>File reading and array operations:</strong> (common.c)</p>
<p><strong><a href="http://pastebin.com/79wE9hHN" rel="nofollow">Pastebin</a></strong></p>
<pre><code>char * S6_ReadFileBytes(const char* path)
{
    FILE * file;
    long length;
    char * bytes = NULL;

    file = fopen(path, "r");                 /* a NULL result is not checked here */
    fseek(file, 0, SEEK_END);
    length = ftell(file);
    fseek(file, 0, 0);

    /* length + 1 so the contents are NUL-terminated for strtok later */
    bytes = (char*)calloc(1, (size_t)length + 1);
    fread(bytes, 1, (size_t)length, file);  /* the FILE is never closed in this snippet */
    return bytes;
}

S6_Array * S6_ArrayNew(size_t count, size_t typeSize)
{
    S6_Array * a = (S6_Array*)malloc(sizeof(S6_Array));
    a-&gt;typeSize = typeSize;
    a-&gt;Length = count;
    /* a-&gt;Data is not initialised anywhere in this snippet */
    return a;
}

void * S6_ArrayGet(S6_Array * a, int idx)
{
    /* element idx lives at byte offset idx * typeSize inside Data */
    return &amp;((char*)a-&gt;Data)[idx * a-&gt;typeSize];
}

void S6_ArraySet(S6_Array * a, int idx, void * val)
{
    memcpy(&amp;((char*)a-&gt;Data)[idx * a-&gt;typeSize], val, a-&gt;typeSize);
}

void S6_ArrayGrow(S6_Array * a, int amount)
{
    void * data;
    data = realloc(a-&gt;Data, (a-&gt;Length + amount) * a-&gt;typeSize);
    a-&gt;Data = data;                          /* a NULL from realloc is not checked */
    a-&gt;Length += amount;
}

void S6_ArrayPushBack(S6_Array * a, void* val)
{
    S6_ArrayGrow(a, 1);
    S6_ArraySet(a, a-&gt;Length - 1, val);
}
</code></pre>
<p><strong>CSV Reading:</strong> (CSV.c)</p>
<p><strong><a href="http://pastebin.com/5ecHxQ8m" rel="nofollow">Pastebin</a></strong></p>
<pre><code>void S6_CSV_PushRect(S6_Array ** rectangles, S6_Rectangle * rect)
{
    if( !*rectangles )
    {
        /* the array holds S6_Rectangle pointers, not the structs themselves */
        *rectangles = S6_ArrayNew(1, sizeof(S6_Rectangle*));
        S6_ArraySet(*rectangles, 0, &amp;rect);
    }
    else
    {
        S6_ArrayPushBack(*rectangles, &amp;rect);
    }
}

int S6_CSV_ReadRects(const char* file, S6_Array ** rectangles)
{
    char * bytes = S6_ReadFileBytes(file);
    char * line;
    char * nameIndex;
    size_t nameLength;
    S6_Rectangle * tempRect;

    line = strtok( bytes , "\n");
    while( line )
    {
        nameIndex = strstr(line, ",");       /* a line with no comma leaves this NULL */
        tempRect = (S6_Rectangle*)calloc(1, sizeof(S6_Rectangle));
        nameLength = (size_t)(nameIndex - line) + 1;
        /* copies everything before the first comma; the size of tempRect-&gt;name is not checked */
        strncpy(tempRect-&gt;name, line, nameLength-1);
        tempRect-&gt;name[nameLength-1] = '\0';
        sscanf(nameIndex, "%*[,]%d%*[,]%d%*[,]%d%*[,]%d",
               &amp;tempRect-&gt;x, &amp;tempRect-&gt;y, &amp;tempRect-&gt;w, &amp;tempRect-&gt;h);
        S6_CSV_PushRect(rectangles , tempRect);
        line = strtok(NULL, "\n");
    }
    free(bytes);
    return 0;
}
</code></pre>
<p><strong>A function where I modify the array:</strong> (BinPacker.c)</p>
<p><strong><a href="http://pastebin.com/zMBxAgbe" rel="nofollow">Pastebin</a></strong></p>
<pre><code>int S6_BinPacker_Pack(S6_Array * rectangles, int binSize)
{
    // This sort appears to be working fine. View pastebin for test.
    qsort(rectangles-&gt;Data, rectangles-&gt;Length, sizeof(S6_Rectangle*), S6_BinPacker_CompareRects);
}
</code></pre>
<p><strong>CSV Writing [CRASH]:</strong> (CSV.c)</p>
<p><strong><a href="http://pastebin.com/5ecHxQ8m" rel="nofollow">Pastebin</a></strong></p>
<pre><code>void S6_CSV_WriteRects(const char* file, S6_Array * rectangles)
{
    char * bytes = NULL;
    char buffer[128];
    S6_Rectangle * tempRect;
    size_t i;

    for( i = 0; i &lt; rectangles-&gt;Length; ++i)
    {
        tempRect = *(S6_Rectangle**)S6_ArrayGet(rectangles, i);
        memset(buffer, '\0', sizeof(buffer));
        sprintf(buffer, "%s,%d,%d,%d,%d\n",
                tempRect-&gt;name, tempRect-&gt;x, tempRect-&gt;y, tempRect-&gt;w, tempRect-&gt;h);
        if( bytes )
            /* bytes was allocated at exactly strlen(bytes) + 1, so strcat writes past its end */
            bytes = strcat(bytes, _strdup(buffer));
        else
            bytes = _strdup(buffer);
    }
}
</code></pre>
<p>So I'm crashing here on the <code>strcat(bytes, _strdup(buffer))</code> line. When I separate it out, it's still the string duplication or any sort of allocation I've tried.</p>
<p>I get the following break dialog from Visual Studio:</p>
<pre><code>Windows has triggered a breakpoint in myapp.exe.
This may be due to a corruption of the heap, which indicates a bug in Slant6.Debug.exe or any of the DLLs it has loaded. This may also be due to the user pressing F12 while Slant6.Debug.exe has focus. The output window may have more diagnostic information.
</code></pre>
<p>And the breakpoint it triggers is in tidtable.c on</p>
<pre><code>PFLS_GETVALUE_FUNCTION flsGetValue = FLS_GETVALUE;
</code></pre>
<p><strong>SOLUTION</strong></p>
<p>strdup doesn't do any allocations, and even if it did I would be leaking like crazy. So instead of:</p>
<pre><code>bytes = strcat(bytes, _strdup(buffer));
</code></pre>
<p>in CSV.c, I replaced it with some manual string concatenation that's easier for me to read (and remember).</p>
<pre><code>size_t oldSize = strlen(bytes);
size_t bufferSize = strlen(buffer);
size_t newSize = oldSize + bufferSize;
char * newMem = (char*)calloc(newSize + 1, 1);   /* +1 for the terminating NUL */
memcpy(newMem, bytes, oldSize);                  /* only oldSize bytes exist in bytes */
memcpy(&amp;newMem[oldSize], buffer, bufferSize);
free(bytes);
bytes = newMem;
</code></pre>
<p><strong>/SOLUTION</strong></p>
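The crash above comes from appending to a heap block that is exactly one string long, with no record of how much room it has. The following is an added example, not code from the question or its pastebins: a small string builder that tracks length and capacity explicitly, grows by doubling with overflow guards, and refuses a row that would not fit its line buffer instead of writing it truncated. The `Rect` type, the `rects_to_csv` function and the sample rectangles are assumptions standing in for `S6_Rectangle` and `S6_CSV_WriteRects`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Growable string buffer. Length and capacity are tracked explicitly, so every
 * append checks that the destination has room before a single byte is written. */
typedef struct {
    char *data;
    size_t len;   /* bytes in use, not counting the terminating NUL */
    size_t cap;   /* bytes allocated, including the terminating NUL */
} StrBuf;

static int strbuf_init(StrBuf *sb) {
    sb->cap = 64;
    sb->len = 0;
    sb->data = malloc(sb->cap);
    if (sb->data == NULL) return -1;
    sb->data[0] = '\0';
    return 0;
}

/* Make room for `extra` more bytes plus the NUL. Doubling keeps appends cheap;
 * the SIZE_MAX checks stop the size arithmetic from wrapping around. */
static int strbuf_reserve(StrBuf *sb, size_t extra) {
    size_t need, newcap;
    char *p;
    if (extra > SIZE_MAX - sb->len - 1) return -1;
    need = sb->len + extra + 1;
    if (need <= sb->cap) return 0;
    newcap = sb->cap;
    while (newcap < need) {
        if (newcap > SIZE_MAX / 2) return -1;
        newcap *= 2;
    }
    p = realloc(sb->data, newcap);
    if (p == NULL) return -1;          /* the old buffer stays valid on failure */
    sb->data = p;
    sb->cap = newcap;
    return 0;
}

static int strbuf_append(StrBuf *sb, const char *s, size_t n) {
    if (strbuf_reserve(sb, n) != 0) return -1;
    memcpy(sb->data + sb->len, s, n);
    sb->len += n;
    sb->data[sb->len] = '\0';
    return 0;
}

/* Hypothetical rectangle type standing in for S6_Rectangle from the question. */
typedef struct { char name[32]; int x, y, w, h; } Rect;

/* Serialise rectangles as "name,x,y,w,h" lines. Returns a malloc'd string the
 * caller frees, or NULL if a row would not fit or memory runs out. */
char *rects_to_csv(const Rect *rects, size_t count) {
    StrBuf sb;
    char line[128];
    size_t i;
    if (strbuf_init(&sb) != 0) return NULL;
    for (i = 0; i < count; ++i) {
        int n = snprintf(line, sizeof line, "%s,%d,%d,%d,%d\n",
                         rects[i].name, rects[i].x, rects[i].y, rects[i].w, rects[i].h);
        if (n < 0 || (size_t)n >= sizeof line ||      /* truncated row: refuse it */
            strbuf_append(&sb, line, (size_t)n) != 0) {
            free(sb.data);
            return NULL;
        }
    }
    return sb.data;
}

/* Constructed sample data, not taken from the question's files. */
char *sample_csv(void) {
    const Rect rects[3] = {
        {"sprite_a", 0, 0, 32, 32},
        {"sprite_b", 32, 0, 64, 16},
        {"sprite_c", 0, 32, 8, 8},
    };
    return rects_to_csv(rects, 3);
}

/* Builds the sample and compares it to `expected`; 1 on match, 0 otherwise. */
int sample_csv_matches(const char *expected) {
    char *csv = sample_csv();
    int ok = (csv != NULL && strcmp(csv, expected) == 0);
    free(csv);
    return ok;
}

/* Appends `piece` `times` times, forcing several reallocations past the initial
 * 64 bytes; returns the final length if the NUL sits exactly where len says. */
size_t repeated_append_length(const char *piece, size_t times) {
    StrBuf sb;
    size_t i, len = 0;
    if (strbuf_init(&sb) != 0) return 0;
    for (i = 0; i < times; ++i)
        if (strbuf_append(&sb, piece, strlen(piece)) != 0) { free(sb.data); return 0; }
    if (strlen(sb.data) == sb.len) len = sb.len;
    free(sb.data);
    return len;
}
```

The point of the design is that the only place bytes are copied is `strbuf_append`, and it cannot run until `strbuf_reserve` has proven the room exists; the caller never has to reason about the allocation size of `bytes` the way the original loop did. The `snprintf` length check is the same idea applied to the fixed `line` buffer: an over-long name produces a refused row rather than a silently mangled one.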