記錄一個(gè)棧被寫壞崩潰的實(shí)例

demo如下:

int main()

{

        std::string first("adfgx");

        char fuk[4]= {0};

        std::string second("ddddxxx");

        fuk[4] = '\0';   

        std::cout << first << ": " << fuk << ": " << second << std::endl;

        return 0;

}

fuk[4] 的地址是first的data(堆棧是向下生長),指針被寫壞,析構(gòu)時(shí)崩潰。

gdb堆棧信息如下:


(gdb) n

11              std::cout << first << ": " << fuk << ": " << second << std::endl;

(gdb) p fuk

$1 = "\000\000\000"

(gdb) p &fuk

$2 = (char (*)[4]) 0x7fffffffe3fc

(gdb) p &(fuk[4])

$3 = 0x7fffffffe400 ""

(gdb) p first

$4 = {static npos = 18446744073709551615, _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}, _M_p = 0x7fffffffe400 ""},

  _M_string_length = 5, {_M_local_buf = "adfgx\000\000\000\000\000\000\000\000\000\000", _M_allocated_capacity = 517130839137}}

(gdb) p second

$5 = {static npos = 18446744073709551615, _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}, _M_p = 0x7fffffffe3e0 "ddddxxx"},

  _M_string_length = 7, {_M_local_buf = "ddddxxx\000\377\377\000\000\001\000\000", _M_allocated_capacity = 33909455680988260}}
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時(shí)請結(jié)合常識(shí)與多方信息審慎甄別。
平臺(tái)聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡書系信息發(fā)布平臺(tái),僅提供信息存儲(chǔ)服務(wù)。

相關(guān)閱讀更多精彩內(nèi)容

友情鏈接更多精彩內(nèi)容