StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POPossible buffer overflow issue
primarykey
Id
8441439
data
AcceptedAnswerId
8441554
AnswerCount
3
ClosedDate
CommentCount
7
CommunityOwnedDate
CreationDate
2011-12-09T05:24:39.897
FavoriteCount
0
LastActivityDate
2011-12-09T07:44:51.767
LastEditDate
2011-12-09T05:44:47.290
LastEditorUserId
724695
OwnerUserId
724695
ParentId
0
PostTypeId
1
Score
0
ViewCount
160
LastEditorDisplayName
text
Body
I have the following code written in C++ to extract a given range of text in a Piece Table data structure. Here is the function of class PieceTable that stores the given range of text in the character array <code>buffer</code> : <pre><code>void PieceTable::getTextInRange(unsigned __int64 startPos, unsigned __int64 endPos, char buffer[]){ char* totalBuffer = new char[getSize() + 2]; getBuffer(totalBuffer); if(endPos >= getSize()) endPos = getSize() - 1; cout<<"startPos : "<<startPos<<endl; cout<<"endPos : "<<endPos<<endl; memcpy(buffer, &totalBuffer[startPos], endPos - startPos + 1); buffer[endPos - startPos + 2] = '\0'; if(totalBuffer != 0) delete[] totalBuffer; totalBuffer = 0; } </code></pre> Here is the piece of code in the main method which i use to test this code : <pre><code>temp2 = new char[end - start + 2]; //changing 2 to 3 solves the problem pieceTable.getTextInRange(Start, end, temp2); for(int i = 0; i< end - start + 1; i++) cout<<temp2[i]; cout<<endl; if( temp2 != 0) { delete[] temp2; //this line causes the heap corruption error temp2 = 0; } </code></pre> Declaration of <code>temp2</code> : <code>char* temp2;</code> Whenever the program encounters the <code>delete[] temp2</code> statement, there is a heap corruption error. The problem does not occur if I allocate memory for temp2 as: <code>temp2 = new char[end - start + 3]</code> So, basically changing the length solves the problem. I know that I am messing up with the lengths somewhere, but I can't figure out where. EDIT : getSize() : <pre><code>__int64 PieceTable::getSize() { return dList.getLength(dList.getBack()); } </code></pre> I am using a piece table data structure. Here it is, inside this paper:http://www.cs.unm.edu/~crowley/papers/sds.pdf I may be wrong, but I don't think that there is any problem with <code>getSize()</code>, since the function I use to retrieve the length of the entire buffer <code>getBuffer</code>, works as shown in the code. 
Tags
<c++><buffer-overflow>
Title
Possible buffer overflow issue
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USdevjeetroy
UserOwnerUserId
1. USdevjeetroy
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
3. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. This table or related slice is empty.
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.