函数返回了栈变量的地址,这会导致不可预期的程序行为,通常表现为程序崩溃。以下函数返回了栈地址:
/*
 * Picks a radio driver backend according to `driver` and initialises it
 * with the path in `device`. When `autodetect` is set, the function first
 * tries to discover a V4L radio device and use its "/dev/..." path.
 *
 * Returns rv, which starts at -1 and is overwritten with the result of
 * dev->init(); parts of the body are elided in this excerpt (the dashed
 * lines), so the full return contract is not visible here.
 *
 * `autodetect` and `dev` are not declared in this excerpt; presumably they
 * are file-scope variables.
 */
int init(char *device, DriverType driver)
{
int rv = -1;
if (autodetect) {
void *md;
const char *p = NULL;
/* Automatic storage: buf only lives until the closing brace of this
 * `if (autodetect)` block. */
char buf[PATH_MAX];
/* Writes an empty string into the caller's buffer. */
*device = 0;
md = discover_media_devices();
if (!md) {
fprintf (stderr, "open: Failed to open \"auto\" device");
/* NOTE(review): *device was set to 0 just above, so this branch looks
 * unreachable unless discover_media_devices() changes it - confirm. */
if (*device)
fprintf (stderr, " at %s\n", device);
else
fprintf (stderr, "\n");
goto failure;
}
/* Walk every associated radio device; buf is overwritten on each pass,
 * so the last device reported is the one that remains. */
while (1) {
p = get_associated_device(md, p, MEDIA_V4L_RADIO, NULL, NONE);
if (!p)
break;
snprintf(buf, sizeof(buf), "/dev/%s", p);
/* Root cause of the defect: this re-points the local parameter at the
 * block-scoped array instead of copying the path into the caller's
 * buffer. The caller never sees the path, and `device` dangles once the
 * block ends. Copying into the caller's buffer would avoid this, but
 * the size of that buffer is not visible here - it would have to be
 * passed in or agreed on (e.g. PATH_MAX). */
device = &buf[0];
}
free_media_devices(md);
/* out_of_scope: Variable "buf" goes out of scope */
}
/* DRIVER_ANY, DRIVER_V4L2 and any unknown value use the V4L2 backend;
 * only DRIVER_V4L1 selects the V4L1 backend. */
switch (driver) {
case DRIVER_ANY:
case DRIVER_V4L2:
default:
goto try_v4l2;
case DRIVER_V4L1:
goto try_v4l1;
}
try_v4l1:
/* NOTE(review): the result of v4l1_radio_dev_new() is dereferenced on the
 * next line without a NULL check in the visible code. */
dev = v4l1_radio_dev_new();
/* use_invalid: Using "device", which points to an out-of-scope variable "buf" */
/* If autodetect found a device, `device` refers to storage whose lifetime
 * has ended; reading it is undefined behaviour (stale or overwritten stack
 * contents may be used as the device path). */
rv = dev->init (dev, device);
----------------------------
try_v4l2:
/* NOTE(review): same unchecked dereference as in the V4L1 path. */
dev = v4l2_radio_dev_new();
/* use_invalid: Using "device", which points to an out-of-scope variable "buf" */
/* Same dangling-pointer use as in the V4L1 path. */
rv = dev->init (dev, device);
----------------------------
failure:
return rv;
}
请帮忙在代码中解决这个问题。
答案 0 :(得分:2)
您大致有两种选择:
在调用 init 函数之前,先在栈上分配 char 数组:
/* Caller-owned buffer: it lives in the caller's frame, so it stays valid
 * during and after the init() call. For this to help, init() has to copy
 * the detected path into the buffer (bounded by its size, PATH_MAX here)
 * instead of re-pointing its own parameter at a local array. */
char ch[PATH_MAX];
init (ch, ...);
在函数内使用 malloc 分配 char 缓冲区,并在 init 函数之外释放已分配的内存。
/*
 * Sketch of the "allocate inside init()" option; the elided parts are the
 * placeholder comments in the body.
 *
 * NOTE(review): `device` is a `char *` passed by value, so the assignment
 * below changes only init()'s local copy. The caller's pointer is not
 * updated and the allocation is unreachable after return. To hand the
 * buffer back, the parameter would have to be `char **device` (assigning
 * `*device = malloc(PATH_MAX)`), or the function would have to return the
 * pointer. The malloc() result should also be checked for NULL before use.
 */
int init(char *device, DriverType driver)
{
/*...*/
device = malloc(PATH_MAX);
/*...*/
}
/* NOTE(review): p is never initialised here and init() receives only a copy
 * of its value, so with the init() shown above free(p) is called on an
 * indeterminate pointer (undefined behaviour) while the buffer allocated
 * inside init() is leaked. Passing &p to a `char **` parameter, or
 * initialising p from a returned pointer, would be needed for free(p) to
 * release the right memory. */
char* p;
init (p, ...);
free(p);
第一种选择更优雅,也更高效。