更新了Leetcode上的合并间隔问题#56(特别是在C中)
Leetcode问题#56“合并间隔”于2019年4月更新,现在采用输入/输出参数int**returnColumnSizes。为什么返回的列大小甚至是一个双指针,而单指针/数组就可以了(返回数组的所有长度都应该是2,所以会有*returnSize number of 2s)。这个双指针参数导致堆缓冲区溢出,阻止我的程序运行到完成 如果我返回的数组数组大小仅为1,并且我执行了底部代码中所示的操作,那么它将顺利通过。一旦我增加了数组的数量(以及returnColumnSizes的行数),我就会在下面粘贴错误更新了Leetcode上的合并间隔问题#56(特别是在C中),c,pointers,C,Pointers,Leetcode问题#56“合并间隔”于2019年4月更新,现在采用输入/输出参数int**returnColumnSizes。为什么返回的列大小甚至是一个双指针,而单指针/数组就可以了(返回数组的所有长度都应该是2,所以会有*returnSize number of 2s)。这个双指针参数导致堆缓冲区溢出,阻止我的程序运行到完成 如果我返回的数组数组大小仅为1,并且我执行了底部代码中所示的操作,那么它将顺利通过。一旦我增加了数组的数量(以及returnColumnSizes的行数),我就会在下
returnColumnSizes[0] = (int*)malloc(sizeof(int));
returnColumnSizes[0][0] = 2;
/* Below code causes overflow
for (int i = 0; i < *returnSize; i++)
{
returnColumnSizes[i] = (int*)malloc(sizeof(int));
returnColumnSizes[i][0] = 2;
}
*/
=================================================================
==30==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000000b8 at pc 0x000000405644 bp 0x7ffc16dbf5c0 sp 0x7ffc16dbf5b8
READ of size 4 at 0x6020000000b8 thread T0
#3 0x7f1287f2e2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
0x6020000000b8 is located 0 bytes to the right of 8-byte region [0x6020000000b0,0x6020000000b8)
allocated by thread T0 here:
#0 0x7f12893b82b0 in malloc (/usr/local/lib64/libasan.so.5+0xe82b0)
#3 0x7f1287f2e2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
Shadow bytes around the buggy address:
0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff8000: fa fa 00 00 fa fa 00 fa fa fa 00 fa fa fa 00 fa
=>0x0c047fff8010: fa fa 00 fa fa fa 00[fa]fa fa 04 fa fa fa fd fa
0x0c047fff8020: fa fa fd fa fa fa fd fd fa fa fd fd fa fa fd fa
0x0c047fff8030: fa fa fd fd fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==30==ABORTING
returnColumnSizes[0]=(int*)malloc(sizeof(int));
返回列大小[0][0]=2;
/*下面的代码导致溢出
对于(int i=0;i<*returnSize;i++)
{
returnColumnSizes[i]=(int*)malloc(sizeof(int));
返回列大小[i][0]=2;
}
*/
=================================================================
==30==错误:AddressSanitizer:计算机0x000000405644 bp 0x7ffc16dbf5c0 sp 0x7ffc16dbf5b8上的地址0x6020000000b8上的堆缓冲区溢出
在0x6020000000b8螺纹T0处读取尺寸4
#3 0x7f1287f2e2e0位于libc_start_main(/lib/x86_64-linux-gnu/libc.so.6+0x202e0)中
0x6020000000b8位于8字节区域右侧0字节处[0x6020000000b0,0x6020000000b8)
此处由线程T0分配:
#malloc中的0 0x7f12893b82b0(/usr/local/lib64/libasan.so.5+0xe82b0)
#3 0x7f1287f2e2e0位于libc_start_main(/lib/x86_64-linux-gnu/libc.so.6+0x202e0)中
错误地址周围的阴影字节:
0x0c047fff7fc0:00 00
0x0c047fff7fd0:00 00
0x0c047fff7fe0:00 00
0x0c047fff7ff0:00 00
0x0c047fff8000:fa 00 fa 00 fa 00 fa 00 fa 00 fa 00 fa
=>0x0c047fff8010:fa 00 fa 00[fa]fa 04 fa fa fd fa
0x0c047fff8020:fa-fa-fd-fa-fd-fa-fd-fa
0x0c047fff8030:fa-fd-fa-fa
0x0c047fff8040:fa fa
0x0c047fff8050:fa fa
0x0c047fff8060:fa fa
阴影字节图例(一个阴影字节代表8个应用程序字节):
地址:00
部分可寻址:01 02 03 04 05 06 07
堆左红色区域:fa
释放的堆区域:fd
堆栈左红色区域:f1
堆栈中间红色区域:f2
堆栈右红色区域:f3
返回后堆栈:f5
堆栈在作用域之后使用:f8
全球红色地带:f9
全局初始化顺序:f6
用户中毒:f7
容器溢出:fc
数组cookie:ac
对象内红色区域:bb
ASan内部:fe
左阿洛卡红区:ca
右阿洛卡红区:cb
==30==中止