Overview
Array subscript starting from 0, although from beginners have already known, "traps and defects" repeated emphasis, and in the fingertip movement, there are a few careless, let "sperm" fell into this "hole"! Second, the C language string must end with 0!
Bug
1-Dynamic malloc or statically assigned size size string, storing size characters, resulting in no 0 finishing touches, crossing the cordon, standing on the edge of the cliff!
2-Dynamic malloc or statically assign size size string, access or set [size] character
3-Dynamic malloc or statically assigned size size string, no initialization, resulting in no 0 finishing, read the entire string out of bounds (VC common hot hot ... , a person who was just beginning to learn that he saw a frightened, thought the machine is going to be out of luck, can encounter a 0 end output in the cross-border memory, not lucky, paragraph error, you as an attacker, violence aborted!
Sample Bug Demo:
string = search_get_string_hash_table (Word), if (string = = NULL) {////hash table does not exist in this string = malloc_str (size);//Allocate memory and copy if ( string = = NULL) return err_mem;strncpy (string, Word, size); String[size + 1] = 0; Bug,->string[size] = 0; Notice that the size+1 byte is allocated in Malloc_str, so the last one is string[size]put_string_hash_table (string);//Put in a hash table} This string return string exists in the hash table;
This is a personal code, remember to write the strncpy, immediately after the string [size + 1] = 0; end of sentence. Copy the size byte, size+1 byte end, want to take more than think of a bit, think very natural ^_^, knocking is quite chic. Wipe and wait until a bunch of unnecessary strings appear on the table, it's not cool. Though it's very low, it always happens. Although not usually committed, staying up late is likely to happen. This is a vivid example of how the details determine success or failure, four or two.
The workaround:
1-Dynamically allocated with call memset (addr, 0, size), static = {0} initialized, nurturance habit
2-access to border characters when the subscript and size is not the difference 1
3-If you need to visit, then the descending order of the array, the subscript with 0 end is a good choice, but the string is generally not feasible! The string has no reverse output.
4-The most stupid way: Remember the array subscript range [0-size-1], use time to look at two more eyes!
5-The interface you need to package yourself
6-Use the C++string library, it will simplify your tense mood
String array out of bounds bug (2)