结构初始化导致seg错误

时间:2012-06-04 04:32:48

标签: c struct gdb valgrind

以下代码会导致分段错误。可执行文件名为“./struct”

#include <stdio.h>
#define VERSION_NUMBER_LEN 32
#define MAX_DESCRIPTION_COUNT 32
#define DESCRIPTION_LEN 128
int main(void)
{
    struct foo {
        char number[VERSION_NUMBER_LEN + 1];
        char description[MAX_DESCRIPTION_COUNT][DESCRIPTION_LEN];
    };

    struct foo asdf = {
        "1.1", { "clap", "clap", "stomp", NULL }
    };

    struct foo hjkl = {
        "1.2", { "clop", "clop", "stamp", NULL }
    };

    int i;
    printf( "%s\n", asdf.number );
    for( i = 0; (asdf.description)[i] != NULL; i++ ){
        printf( "\t%s\n", (asdf.description)[i]);
    }
    printf("\n");
    printf( "%s\n", hjkl.number );
    for( i = 0; (hjkl.description)[i] != NULL; i++ ){
        printf( "\t%s\n", (hjkl.description)[i]);
    }
}

输出如下:

1.1
    clap
    clap
    stomp






��
    N���~�����������ջ�����e���t�����������A���P���b���������������̽��㽊����,���V���g���y���������������̾��    ���k�����������Ͽ��迊�
    迊�





    ome/tiger
    56
    y
    vZxy/ssh
    ptop:/tmp/.ICE-unix/2710
    usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:~/bin:~/vitetris-0.3.6:/var/lib/gems/1.8/bin/
    baz
    GNOME_KEYRING_PID=2692
    t \w\n\$
    XDG_DATA_DIRS=/usr/share/gnome:/usr/local/share/:/usr/share/
    9a6bf0ef61ded7872065094fca55d1
    se
Segmentation fault

我跑了valgrind:

$ valgrind -v --leak-check=full --track-origins=yes ./struct  

<snip>

==15228== Conditional jump or move depends on uninitialised value(s)
==15228==    at 0x402605B: __GI_strlen (mc_replace_strmem.c:284)
==15228==    by 0x408A79E: vfprintf (vfprintf.c:1617)
==15228==    by 0x40912BF: printf (printf.c:35)
==15228==    by 0x8048910: main (in /home/tiger/dev/development/c/play/struct)
==15228==  Uninitialised value was created by a stack allocation
==15228==    at 0x4060B01: (below main) (libc-start.c:96)
==15228==
==15228== Conditional jump or move depends on uninitialised value(s)
==15228==    at 0x4026067: __GI_strlen (mc_replace_strmem.c:284)
==15228==    by 0x408A79E: vfprintf (vfprintf.c:1617)
==15228==    by 0x40912BF: printf (printf.c:35)
==15228==    by 0x8048910: main (in /home/tiger/dev/development/c/play/struct)
==15228==  Uninitialised value was created by a stack allocation
==15228==    at 0x4060B01: (below main) (libc-start.c:96)
==15228==
==15228== Invalid read of size 1
==15228==    at 0x4026058: __GI_strlen (mc_replace_strmem.c:284)
==15228==    by 0x408A79E: vfprintf (vfprintf.c:1617)
==15228==    by 0x40912BF: printf (printf.c:35)
==15228==    by 0x8048910: main (in /home/tiger/dev/development/c/play/struct)
==15228==  Address 0xbec1007c is not stack'd, malloc'd or (recently) free'd
==15228==
==15228==
==15228== Process terminating with default action of signal 11 (SIGSEGV)
==15228==  Access not within mapped region at address 0xBEC1007C
==15228==    at 0x4026058: __GI_strlen (mc_replace_strmem.c:284)
==15228==    by 0x408A79E: vfprintf (vfprintf.c:1617)
==15228==    by 0x40912BF: printf (printf.c:35)
==15228==    by 0x8048910: main (in /home/tiger/dev/development/c/play/struct)
==15228==  If you believe this happened as a result of a stack
==15228==  overflow in your program's main thread (unlikely but
==15228==  possible), you can try to increase the size of the
==15228==  main thread stack using the --main-stacksize= flag.
==15228==  The main thread stack size used in this run was 8388608.
==15228== Syscall param write(buf) points to uninitialised byte(s)
==15228==    at 0x4107DC3: __write_nocancel (syscall-template.S:82)
==15228==    by 0x40B0A1E: new_do_write (fileops.c:530)
==15228==    by 0x40B0D35: _IO_do_write@@GLIBC_2.1 (fileops.c:503)
==15228==    by 0x40B181C: _IO_file_overflow@@GLIBC_2.1 (fileops.c:881)
==15228==    by 0x40B2DED: _IO_flush_all_lockp (genops.c:849)
==15228==    by 0x40B3A4F: _IO_cleanup (genops.c:1010)
==15228==    by 0x41670F0: ??? (in /lib/tls/i686/cmov/libc-2.11.1.so)
==15228==    by 0x401F4F3: _vgnU_freeres (vg_preloaded.c:62)
==15228==    by 0xBEC0D5F7: ???
==15228==    by 0x408A79E: vfprintf (vfprintf.c:1617)
==15228==    by 0x40912BF: printf (printf.c:35)
==15228==    by 0x8048910: main (in /home/tiger/dev/development/c/play/struct)
==15228==  Address 0x402a054 is not stack'd, malloc'd or (recently) free'd
==15228==  Uninitialised value was created by a stack allocation
==15228==    at 0x4060B01: (below main) (libc-start.c:96)

<snip>

==15228== HEAP SUMMARY:
==15228==     in use at exit: 0 bytes in 0 blocks
==15228==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==15228==
==15228== All heap blocks were freed -- no leaks are possible
==15228==
==15228== ERROR SUMMARY: 7 errors from 4 contexts (suppressed: 12 from 7)
==15228==
==15228== 1 errors in context 1 of 4:
==15228== Syscall param write(buf) points to uninitialised byte(s)
==15228==    at 0x4107DC3: __write_nocancel (syscall-template.S:82)
==15228==    by 0x40B0A1E: new_do_write (fileops.c:530)
==15228==    by 0x40B0D35: _IO_do_write@@GLIBC_2.1 (fileops.c:503)
==15228==    by 0x40B181C: _IO_file_overflow@@GLIBC_2.1 (fileops.c:881)
==15228==    by 0x40B2DED: _IO_flush_all_lockp (genops.c:849)
==15228==    by 0x40B3A4F: _IO_cleanup (genops.c:1010)
==15228==    by 0x41670F0: ??? (in /lib/tls/i686/cmov/libc-2.11.1.so)
==15228==    by 0x401F4F3: _vgnU_freeres (vg_preloaded.c:62)
==15228==    by 0xBEC0D5F7: ???
==15228==    by 0x408A79E: vfprintf (vfprintf.c:1617)
==15228==    by 0x40912BF: printf (printf.c:35)
==15228==    by 0x8048910: main (in /home/tiger/dev/development/c/play/struct)
==15228==  Address 0x402a054 is not stack'd, malloc'd or (recently) free'd
==15228==  Uninitialised value was created by a stack allocation
==15228==    at 0x4060B01: (below main) (libc-start.c:96)
==15228==
==15228==

==15228== 1 errors in context 2 of 4:
==15228== Invalid read of size 1
==15228==    at 0x4026058: __GI_strlen (mc_replace_strmem.c:284)
==15228==    by 0x408A79E: vfprintf (vfprintf.c:1617)
==15228==    by 0x40912BF: printf (printf.c:35)
==15228==    by 0x8048910: main (in /home/tiger/dev/development/c/play/struct)
==15228==  Address 0xbec1007c is not stack'd, malloc'd or (recently) free'd
==15228==
==15228==
==15228== 1 errors in context 3 of 4:
==15228== Conditional jump or move depends on uninitialised value(s)
==15228==    at 0x402605B: __GI_strlen (mc_replace_strmem.c:284)
==15228==    by 0x408A79E: vfprintf (vfprintf.c:1617)
==15228==    by 0x40912BF: printf (printf.c:35)
==15228==    by 0x8048910: main (in /home/tiger/dev/development/c/play/struct)
==15228==  Uninitialised value was created by a stack allocation
==15228==    at 0x4060B01: (below main) (libc-start.c:96)
==15228==
==15228==
==15228== 4 errors in context 4 of 4:
==15228== Conditional jump or move depends on uninitialised value(s)
==15228==    at 0x4026067: __GI_strlen (mc_replace_strmem.c:284)
==15228==    by 0x408A79E: vfprintf (vfprintf.c:1617)
==15228==    by 0x40912BF: printf (printf.c:35)
==15228==    by 0x8048910: main (in /home/tiger/dev/development/c/play/struct)
==15228==  Uninitialised value was created by a stack allocation
==15228==    at 0x4060B01: (below main) (libc-start.c:96)
==15228==
--15228--
--15228-- used_suppression:     12 dl-hack3-cond-1
==15228==
==15228== ERROR SUMMARY: 7 errors from 4 contexts (suppressed: 12 from 7)

好的...所以我有几个内存位置,valgrind显示为未初始化,但我不知道如何...内部的结构和字符串是静态定义的,并且结构的每个实例都是显式声明的

我认为当访问第二个结构(hjkl)中的一个元素时会发生分段错误。

跑gdb ......

(gdb) p asdf
$1 = {number = "1.1", '\000' <repeats 29 times>, description = {"clap", '\000' <repeats 123 times>, "clap", '\000' <repeats 123 times>, 
"stomp", '\000' <repeats 122 times>, '\000' <repeats 127 times> <repeats 29 times>}}

(gdb) p hjkl
$2 = {number = "1.2", '\000' <repeats 29 times>, description = {"clop", '\000' <repeats   123 times>, "clop", '\000' <repeats 123 times>, 
"stamp", '\000' <repeats 122 times>, '\000' <repeats 127 times> <repeats 29 times>}}

我只是没有看到导致分段错误的原因......

3 个答案:

答案 0 :(得分:4)

您的测试(asdf.description)[i] != NULL已被破坏,永远不会成真。这是修复:

#include <stdio.h>
#define VERSION_NUMBER_LEN 32
#define MAX_DESCRIPTION_COUNT 32
#define DESCRIPTION_LEN 128
int main(void)
{
    struct foo {
        char number[VERSION_NUMBER_LEN + 1];
        char description[MAX_DESCRIPTION_COUNT][DESCRIPTION_LEN];
    };

    struct foo asdf = {
        "1.1", { "clap", "clap", "stomp", "" }
    };

    struct foo hjkl = {
        "1.2", { "clop", "clop", "stamp", "" }
    };

    int i;
    printf( "%s\n", asdf.number );
    for( i = 0; (asdf.description)[i][0] != 0; i++ ){
        printf( "\t%s\n", (asdf.description)[i]);
    }
    printf("\n");
    printf( "%s\n", hjkl.number );
    for( i = 0; (hjkl.description)[i][0] != 0; i++ ){
        printf( "\t%s\n", (hjkl.description)[i]);
    }
}

答案 1 :(得分:4)

问题不在于你的初始化字符串本身,而在于字符数组与字符指针的混淆。

特别是,这不符合你的想法:

struct foo asdf = {
    "1.1", { "clap", "clap", "stomp", NULL }
};

您正在使用字符串clap,clap和stomp OK初始化foo::description[][],但之后您将第二个字符串的第一个字符分配给{{ 1}}。如果您指定指针,这将有效,但您尝试将NULL转换为字符数组,而不是将指向字符的指针设置为NULL,如果这有意义的话。 / p>

您正在检查指针是否为NULL,因为数组是预先声明的,所以它永远不会出现。

简单地改变

NULL

for( i = 0; (hjkl.description)[i] != NULL; i++ ){

也就是说,检查数组中每个字符串的第一个索引中的for( i = 0; *(hjkl.description)[i] != NULL; i++ ){ 字符,而不是尝试检查字符指针的(不可能)条件本身就是NULL

最终完成的代码:

NULL

如果结构如下所示,您的代码工作:

#include <stdio.h>
#define VERSION_NUMBER_LEN 32
#define MAX_DESCRIPTION_COUNT 32
#define DESCRIPTION_LEN 128
int main(void)
{
    struct foo {
        char number[VERSION_NUMBER_LEN + 1];
        char description[MAX_DESCRIPTION_COUNT][DESCRIPTION_LEN];
    };

    struct foo asdf = {
        "1.1", { "clap", "clap", "stomp", NULL }
    };

    struct foo hjkl = {
        "1.2", { "clop", "clop", "stamp", NULL }
    };

    int i;
    printf( "%s\n", asdf.number );
    for( i = 0; *(asdf.description)[i] != NULL; i++ ){
        printf( "\t%s\n", (asdf.description)[i]);
    }
    printf("\n");
    printf( "%s\n", hjkl.number );
    for( i = 0; *(hjkl.description)[i] != NULL; i++ ){
        printf( "\t%s\n", (hjkl.description)[i]);
    }
}

基本上,我(从我所看到的)没有真正需要对实际描述字符数组本身进行硬编码,只需要编写它们的数量。你的其余代码就可以了。

另外,如果您在编译期间查看警告(假设struct foo { char number[VERSION_NUMBER_LEN + 1]; char *description[MAX_DESCRIPTION_COUNT]; }; 被定义为NULL,就像在大多数现代C编译器上一样),您将收到以下警告:

((void *)0)

答案 2 :(得分:3)

虽然宏NULL 意图(至少是由那些首先定义它的人)专门用作指针值,但它通常是#define d一个简单的:

#define NULL 0

这可能适用于您的实施(这里不重要,除了插图;它可以定义为(void *)0而不更改下面的结果 - 但这会导致编译时抱怨您的初始化)。让我们首先考虑以上内容扩展第一个for循环:

for (i = 0; (asdf.description)[i] != 0; i++) {
    printf( "\t%s\n", (asdf.description)[i]);
}

(旁注:这里的括号不是必需的,因为.和下标运算符的绑定已经是括号强制的绑定。)每个asdf.description[i]命名一个完整的数组(大小为{ {1}} {1}}。因此,您正在比较:

DESCRIPTION_LEN

数组对象的“值”是指向数组第一个元素的指针,因此其含义与:

char

指针值(<some array of char> != 0 )与整数常量零的比较测试指针是否为NULL(不是“宏&asdf.description[i][0] != 0 而是”系统的NULL指针的内部表示“)。有效指针的地址永远不会比较等于0,所以循环运行(实际上)“永远”(当然直到i> = 32)。

最后,对&asdf.description[i][0]的调用会传递一个指针值,导致您看到的细分错误。

据推测,你真正要做的是在最后一个有全零字节NULL s(或至少是一个初始零字节)的有效数据之后初始化数组。在这种情况下,循环测试应为:

printf

您可能还会考虑32元素数组(char的数组asdf.description[i][0] != '\0' )完全填充有效的char-char数组的可能性。在这种情况下,您应该在查看DESCRIPTION_LEN之前检查char的值:

i