调用free()释放内存会导致我的程序崩溃,这是为什么?

时间:2017-01-29 19:48:47

标签: c crash free dynamic-memory-allocation

我编写了一个使用Vigenère密码加密和解密消息的程序。加密部分工作正常,问题出在解密部分:当我用free()释放char *时,程序会崩溃;不释放时,程序工作正常,不会崩溃。这是程序代码:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>

/*
 * Vigenere cipher demo. Choice 2 reads a plaintext and a key from stdin,
 * prints the ciphertext and writes "KEY;CIPHERTEXT" to ciphertext.txt.
 * Choice 1 reads that file back and prints plaintext, key and ciphertext.
 * Returns 0 on every path, including the input-validation failures.
 *
 * NOTE(review): the listing is kept exactly as posted. The memory-safety
 * defects are marked inline: unbounded gets(), allocations one byte too
 * small for the string copied into them, and, in the decode branch, a
 * free() of a pointer that no longer refers to heap memory.
 */
int main(void) {
    int choice, check, error;
    char ch;
    printf("What do you want to do?\n"
           "1...Decode a message that is saved in a ciphertext.txt file.\n"
           "2...Encode a message and save it in a ciphertext.txt file.\n");
    /* Repeat until the line is exactly "1" or "2" followed by a newline. */
    do {
        error = 0;
        check = scanf("%d%c", &choice, &ch);
        if (check != 2 || ch != '\n' || choice < 1 || choice > 2) {
            printf("Error: Invalid input!\n");
            error = 1;
        }
        /* NOTE(review): fflush() on an input stream is undefined in standard C;
         * only some implementations discard pending input. At end of input
         * scanf() keeps returning EOF, so this loop never terminates. */
        fflush(stdin);
    } while (error);
    if (choice == 2) {
        /* NOTE(review): fp is used below without a NULL check. */
        FILE *fp = fopen("ciphertext.txt", "w+");
        char buffer[1000];
        char *p, *q, *r;
        char *encryption_text;
        char *encrypted;
        char *decrypted;
        printf("What are bad characters?\n");
        printf("-Everything except A-Z and a-z.\n");
        printf("Plaintext: ");
        /* NOTE(review): gets() takes no size, so a line of 1000 or more
         * characters is written past buffer on the stack. It was removed in
         * C11; fgets(buffer, sizeof buffer, stdin) is the bounded form (it
         * keeps the trailing newline). */
        gets(buffer);
        /* NOTE(review): strlen() does not count the terminator, so the block is
         * one byte short and strcpy() writes '\0' past its end. The size needs
         * to be strlen(buffer) + 1, and the malloc() result is not checked. */
        decrypted = (char *)malloc(strlen(buffer));
        strcpy(decrypted, buffer);
        printf("Key: ");
        /* Same unbounded read as above. */
        gets(buffer);
        /* Same one-byte-short allocation as above. */
        encryption_text = (char *)malloc(strlen(buffer));
        strcpy(encryption_text, buffer);
        /* Same one-byte-short allocation; the copy only sizes the output, its
         * contents are overwritten character by character in the loop below. */
        encrypted = (char *)malloc(strlen(decrypted));
        strcpy(encrypted, decrypted);
        putchar('\n');
        p = decrypted;
        q = encryption_text;
        r = encrypted;
        /* NOTE(review): an empty key passes this check; q is then reset to a
         * '\0' in the loop and incremented past the key's allocation. */
        if (strlen(q) > strlen(p)) {
            printf("The key has to be shorter or equal length as the plaintext.");
            /* The early returns in this branch skip the free()/fclose() calls. */
            return 0;
        }
        /* p walks the plaintext, q the key (wrapping), r the output. */
        while (*p != '\0') {
            if (!(*p >= 'A' && *p <= 'Z') && !(*p >= 'a' && *p <= 'z')) {
                printf("Bad characters.");
                return 0;
            }
            /* End of key reached: start over from its first character. */
            if (*q == '\0') {
                q = encryption_text;
            } else if (!(*q >= 'A' && *q <= 'Z') && !(*q >= 'a' && *q <= 'z')) {
                printf("Bad characters.");
                return 0;
            }
            /* Fold lower case to upper case in place (' ' is 0x20 in ASCII);
             * the key is therefore stored upper-cased as well. */
            if (*p >= 'a' && *p <= 'z') *p -= ' ';
            if (*q >= 'a' && *q <= 'z') *q -= ' ';
            /* Vigenere shift: add the key letter's index, modulo 26. */
            *r = (*p - 'A' + *q - 'A') % 26 + 'A';
            p++;
            q++;
            r++;
        }
        printf("Ciphertext: ");
        puts(encrypted);
        /* File layout is KEY;CIPHERTEXT with no trailing newline.
         * NOTE(review): the key is stored in clear next to the ciphertext, so
         * the file gives no confidentiality to anyone who can read it. */
        fputs(encryption_text, fp);
        fprintf(fp, ";");
        fputs(encrypted, fp);
        free(decrypted);
        free(encrypted);
        free(encryption_text);
        fclose(fp);
    } else {
        /* NOTE(review): fp is NULL when the file is missing; it is passed to
         * fgets() unchecked, and the fgets() result is not checked either. */
        FILE *fp = fopen("ciphertext.txt", "r+");
        char buffer[1000];
        char *encryption_text;
        char *encrypted;
        char *decrypted;
        char delimeter[2] = ";";
        char *token;
        char *p, *q, *r;
        fgets(buffer, 1000, fp);
        /* Both blocks hold strlen(buffer) zeroed bytes, with no room for a
         * terminator if a copied string is as long as the whole line. */
        encrypted = (char *)calloc(strlen(buffer) * sizeof(char), sizeof(char));
        encryption_text = (char *)calloc(strlen(buffer) * sizeof(char), sizeof(char));
        /* strtok() overwrites the first ';' with '\0' and returns the key.
         * NOTE(review): it returns NULL when the line holds no key text, and
         * that NULL would go straight into strcpy(). The file contents are
         * never validated. */
        token = strtok(buffer, delimeter);
        strcpy(encryption_text, token);
        /* NOTE(review): strrchr(buffer, '\0') returns the address of buffer's
         * terminator, i.e. a pointer into the local array. The calloc'd block
         * assigned to encrypted above is lost (leak), and the result is never
         * NULL, so the test below is always true. */
        encrypted = strrchr(buffer, '\0');
        if (encrypted != NULL) {
            /* Intended to shift the ciphertext one byte left over the old
             * delimiter. NOTE(review): source and destination overlap, which
             * strcpy() leaves undefined (memmove() is the defined form), and if
             * the line had no ';' nothing valid follows the terminator. */
            strcpy(encrypted, encrypted + 1);
        }
        decrypted = (char *)calloc(strlen(buffer) * sizeof(char), sizeof(char));
        /* p walks the output, q the key (wrapping), r the ciphertext. */
        for (p = decrypted, q = encryption_text, r = encrypted;
                *r != '\0'; p++, r++, q++) {
            if (*q == '\0') {
                q = encryption_text;
            }
            /* Inverse shift; + 26 keeps the value non-negative for A-Z input. */
            *p = (*r - 'A' - (*q - 'A') + 26) % 26 + 'A';
        }
        printf("Plaintext: ");
        puts(decrypted);
        printf("Key: ");
        puts(encryption_text);
        printf("Ciphertext: ");
        puts(encrypted);
        /* free(NULL) is a no-op, so the if guards are redundant. */
        if (decrypted) free(decrypted);
        /* NOTE(review): encrypted points into the stack array buffer here, not
         * at memory from calloc(); freeing it is undefined behaviour
         * (CWE-590) and is the crash the question describes. */
        if (encrypted) free(encrypted);
        if (encryption_text) free(encryption_text);
        fclose(fp);
    }
    return 0;
}

我希望你能告诉我它崩溃的原因。谢谢!

1 个答案:

答案 0 :(得分:0)

崩溃的主要原因可能是以下一行,

    encrypted = strrchr(buffer, '\0');

,其中encrypted指向局部变量buffer所占内存中的某个位置。这很可能是栈上的内存;无论如何,这块内存都不是通过malloc/calloc分配的。

因此,稍后对encrypted调用free()时很可能会崩溃。

顺便说一句:正如评论中所述,请重新检查与strcpy配合使用的malloc/calloc分配大小,确保为终止符'\0'留出空间(即分配strlen(s) + 1个字节)。

此外,请注意strrchr(buffer, '\0')返回的是指向buffer中字符串末尾(终止符)的指针;用strcpy从紧跟在终止符'\0'之后的位置开始复制内存可能有危险,因为无法保证后面还存在第二个字符串终止符。

/* strrchr() with '\0' returns the address of buffer's terminator, so encrypted
 * now points inside the local array and is never NULL. */
encrypted = strrchr(buffer, '\0');
        if (encrypted != NULL) {
            /* Source and destination overlap, which strcpy() leaves undefined;
             * encrypted + 1 is a valid string only if more data follows the
             * terminator. */
            strcpy(encrypted, encrypted + 1);
        }