cppcheck 抱怨 Buffer 被越界访问。为什么以及如何修复?
cppcheck complains Buffer is accessed out of bounds. Why and how do I fix?
下面的代码可以重现。在这种情况下,cppcheck 报告越界错误是否正确? memcpy在线报错。
#include <stdint.h>
#include <string.h>
#include <stdio.h>
typedef struct {
uint32_t serial_number;
uint8_t software_version[15];
} STATIC_HARDWARE_DATA;
typedef struct {
uint16_t result_code;
uint8_t startup_type;
STATIC_HARDWARE_DATA payment_data;
} MSG_DETAILS;
int main() {
MSG_DETAILS msg = {0};
msg.result_code = 0;
msg.startup_type = 2;
msg.payment_data.serial_number = 0xAAAA;
// on line below cppcheck says: Buffer is accessed out of bounds
memcpy(msg.payment_data.software_version, "1.01A", 15);
printf("%s", msg.payment_data.software_version); // prints correct 1.01A
/* in memory msg.payment_data.software_version is:
'1', '.', '0', '1', 'A', '[=10=]', '[=10=]', '[=10=]', '_', '[=10=]', '_', 'n', '[=10=]', 'a'
The characters on end of array are unexpected?
*/
}
字符串文字 "1.01A" 给你一个指向六个字符数组的指针,你尝试从中读取 15 个字符。由于您越界读取数据,因此您有 未定义的行为,因为该内容是 不确定的。
#include <stdint.h>
#include <string.h>
#include <stdio.h>
typedef struct {
uint32_t serial_number;
uint8_t software_version[15];
} STATIC_HARDWARE_DATA;
typedef struct {
uint16_t result_code;
uint8_t startup_type;
STATIC_HARDWARE_DATA payment_data;
} MSG_DETAILS;
int main() {
MSG_DETAILS msg = {0};
msg.result_code = 0;
msg.startup_type = 2;
msg.payment_data.serial_number = 0xAAAA;
// on line below cppcheck says: Buffer is accessed out of bounds
memcpy(msg.payment_data.software_version, "1.01A", 6);//<-- size should be 6 including [=10=].
printf("%s", msg.payment_data.software_version); // prints correct 1.01A
/* in memory msg.payment_data.software_version is:
'1', '.', '0', '1', 'A', '[=10=]', '[=10=]', '[=10=]', '_', '[=10=]', '_', 'n', '[=10=]', 'a'
The characters on end of array are unexpected?
*/
}
o/p:
rabi@rabi-VirtualBox:~/rabi/c$ gcc gg.c
rabi@rabi-VirtualBox:~/rabi/c$ ./a.out
1.01A
下面的代码可以重现。在这种情况下,cppcheck 报告越界错误是否正确? memcpy在线报错。
#include <stdint.h>
#include <string.h>
#include <stdio.h>
typedef struct {
uint32_t serial_number;
uint8_t software_version[15];
} STATIC_HARDWARE_DATA;
typedef struct {
uint16_t result_code;
uint8_t startup_type;
STATIC_HARDWARE_DATA payment_data;
} MSG_DETAILS;
int main() {
MSG_DETAILS msg = {0};
msg.result_code = 0;
msg.startup_type = 2;
msg.payment_data.serial_number = 0xAAAA;
// on line below cppcheck says: Buffer is accessed out of bounds
memcpy(msg.payment_data.software_version, "1.01A", 15);
printf("%s", msg.payment_data.software_version); // prints correct 1.01A
/* in memory msg.payment_data.software_version is:
'1', '.', '0', '1', 'A', '[=10=]', '[=10=]', '[=10=]', '_', '[=10=]', '_', 'n', '[=10=]', 'a'
The characters on end of array are unexpected?
*/
}
字符串文字 "1.01A" 给你一个指向六个字符数组的指针,你尝试从中读取 15 个字符。由于您越界读取数据,因此您有 未定义的行为,因为该内容是 不确定的。
#include <stdint.h>
#include <string.h>
#include <stdio.h>
typedef struct {
uint32_t serial_number;
uint8_t software_version[15];
} STATIC_HARDWARE_DATA;
typedef struct {
uint16_t result_code;
uint8_t startup_type;
STATIC_HARDWARE_DATA payment_data;
} MSG_DETAILS;
int main() {
MSG_DETAILS msg = {0};
msg.result_code = 0;
msg.startup_type = 2;
msg.payment_data.serial_number = 0xAAAA;
// on line below cppcheck says: Buffer is accessed out of bounds
memcpy(msg.payment_data.software_version, "1.01A", 6);//<-- size should be 6 including [=10=].
printf("%s", msg.payment_data.software_version); // prints correct 1.01A
/* in memory msg.payment_data.software_version is:
'1', '.', '0', '1', 'A', '[=10=]', '[=10=]', '[=10=]', '_', '[=10=]', '_', 'n', '[=10=]', 'a'
The characters on end of array are unexpected?
*/
}
o/p:
rabi@rabi-VirtualBox:~/rabi/c$ gcc gg.c
rabi@rabi-VirtualBox:~/rabi/c$ ./a.out
1.01A