strcat segmentation fault
The second call to strcat here is generating a segmentation fault, why?
#include
#include
#include
-
I tried your code, and also see the segfault on the second
strcat(). I found thatcommand[250]is allocated immediately afterwhitespaceseparator[2]on the stack on my system:(gdb) p &whitespaceseparator $1 = (char (*)[2]) 0xbf90acd4 (gdb) p &command $2 = (char (*)[250]) 0xbf90acd6e.g. (here
commandbegins"foo..."), things are layed out like this:whitespaceseparator | | command | | v v +---+---+---+---+---+---+---+---+ |' '| 0 |'f'|'o'|'o'|'.'|'.'|'.'| ... +---+---+---+---+---+---+---+---+I can't guarantee that the same happens on your system (layout of locals on the stack may vary even between different versions of the same compiler), but it seems likely. On mine, here is exactly what happens:
As others have said,
strcat()appends the second string to the first (and the result will be equal to the first argument). So, the firststrcat()overflowswhitespaceseparator[](and returnswhitespaceseparatoraswhitespace_and_pid):+---+---+---+---+---+---+---+---+ |' '|'1'|'2'|'3'|'4'| 0 |'.'|'.'| ... +---+---+---+---+---+---+---+---+The second
strcat()tries to appendwhitespace_and_pid(==whitespaceseparator) to the string atcommand. The first character of the copy will overwrite the terminating 0 of the string atcommand:| ===copy===> | v v +---+---+---+---+---+---+---+---+ |' '|'1'|'2'|'3'|'4'|' '|'.'|'.'| ... +---+---+---+---+---+---+---+---+The copy continues...
| ===copy===> | v v +---+---+---+---+---+---+---+---+ |' '|'1'|'2'|'3'|'4'|' '|'1'|'.'| ... +---+---+---+---+---+---+---+---+ | ===copy===> | v v +---+---+---+---+---+---+---+---+ |' '|'1'|'2'|'3'|'4'|' '|'1'|'2'| ... +---+---+---+---+---+---+---+---+and will carry on copying
" 1234 1234 1234"... until it falls off the end of the process address space, at which point you get a segfault.
加载中...
- 热议问题