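Sorry, posting another thread.

#include<stdio.h>
int main()
{
    int n,i,j,t;
    //scanf("%d",&n);
    int a[5];
    for(i=0;i<5;i++)scanf("%d",&a[i]);
    for(i=0;i<5;i++){
        /* inner bound is 5-i, so a[j+1] is a[5] when i=0 and j=4 */
        for(j=0;j<5-i;j++)
            if(a[j]>a[j+1]){
                t=a[j];
                a[j]=a[j+1];
                a[j+1]=t;
            }
    }
    for(i=0;i<5;i++)printf("%d %d ",i,a[i]);
    return 0;
}

Then why doesn't this code go out of bounds? The result of this one is correct.

Try entering this: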
4
4 3 2 1
Enter this:
5
5 4 3 2 1
$ ./main
5
5 4 3 2 1
main.c:11:24: runtime error: index 5 out of bounds for type 'int [5]'
main.c:11:24: runtime error: load of address 0x7ffe517bf1f4 with insufficient space for an object of type 'int'
0x7ffe517bf1f4: note: pointer points here
05 00 00 00 60 60 00 0000 00 00 00 00 00 00 0001 00 00 00 00 00 00 0068 f3 7b 51 fe 7f 00 00
^
=================================================================
==114142==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffe517bf1f4 at pc 0x55cf15f1e5c7 bp 0x7ffe517bf190 sp 0x7ffe517bf180
READ of size 4 at 0x7ffe517bf1f4 thread T0
#0 0x55cf15f1e5c6 in main /tmp/main.c:11
#1 0x7fbddd563b24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24)
#2 0x55cf15f1e14d in _start (/tmp/main+0x214d)
Address 0x7ffe517bf1f4 is located in stack of thread T0 at offset 52 in frame
#0 0x55cf15f1e228 in main /tmp/main.c:3
This frame has 1 object(s):
[32, 52) 'a' (line 6) <== Memory access at offset 52 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /tmp/main.c:11 in main
==114142==ABORTING
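
人造人 posted on 2021-11-24 10:34
Enter this
Expert, if I enter this directly
5 4 3 2 1
the result is correct, but if I enter it the way you did
5
5 4 3 2 1
then the result goes out of bounds and the 1 is missing.

basketmn posted on 2021-11-24 10:39
Expert, if I enter this directly
5 4 3 2 1
the result is correct, but if I enter it the way you did
What happens on an out-of-bounds array access is undefined; on my machine it reports an error and exits immediately.
Discussing what happens on an out-of-bounds array access is pointless; different environments may well behave differently.

人造人 posted on 2021-11-24 10:34
Enter this
When j=4, a[j]=a[j+1], so that is out of bounds; why is the result correct,
and why does the result go out of bounds once it is changed to the variable n?

basketmn posted on 2021-11-24 10:39
Expert, if I enter this directly
5 4 3 2 1
the result is correct, but if I enter it the way you did
Entering this also reports an error and exits: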
5 4 3 2 1
$ ./main
5 4 3 2 1
main.c:11:24: runtime error: index 5 out of bounds for type 'int [5]'
main.c:11:24: runtime error: load of address 0x7ffc7a7cead4 with insufficient space for an object of type 'int'
0x7ffc7a7cead4: note: pointer points here
05 00 00 00 60 60 00 0000 00 00 00 00 00 00 0001 00 00 00 00 00 00 0048 ec 7c 7a fc 7f 00 00
^
=================================================================
==114799==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc7a7cead4 at pc 0x5641cc2235c7 bp 0x7ffc7a7cea70 sp 0x7ffc7a7cea60
READ of size 4 at 0x7ffc7a7cead4 thread T0
#0 0x5641cc2235c6 in main /tmp/main.c:11
#1 0x7f958250bb24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24)
#2 0x5641cc22314d in _start (/tmp/main+0x214d)
Address 0x7ffc7a7cead4 is located in stack of thread T0 at offset 52 in frame
#0 0x5641cc223228 in main /tmp/main.c:3
This frame has 1 object(s):
[32, 52) 'a' (line 6) <== Memory access at offset 52 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /tmp/main.c:11 in main
==114799==ABORTING
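
Try this code instead; it rewrites the sorting part.

#include<stdio.h>
int main(void)
{
    int i , j , n , t ;
    /* reject missing or non-positive n before it sizes the array */
    if(scanf("%d" , & n) != 1 || n < 1) return 1 ;
    int a[n] ;   /* variable-length array sized by n */
    for(i = 0 ; i < n ; i ++) scanf("%d" , & a[i]) ;
    for(i = 0 ; i < n - 1 ; i ++) {
        for(j = i + 1 ; j < n ; j ++) {
            /* i and j both stay below n, so every access is in bounds */
            if(a[i] > a[j]) {
                t = a[i] ;
                a[i] = a[j] ;
                a[j] = t ;
            }
        }
    }
    printf("%d" , a[0]) ;
    for(i = 1 ; i < n ; i ++) printf(" %d" , a[i]) ;
    printf("\n") ;
}

Compile and run session: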
D:\0002.Exercise\C>g++ -o x x.c
D:\0002.Exercise\C>x
5
3 8 1 4 2
1 2 3 4 8
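D:\0002.Exercise\C>

basketmn posted on 2021-11-24 10:44
When j=4, a[j]=a[j+1], so that is out of bounds; why is the result correct,
and why does the result go out of bounds once it is changed to the variable n?
What happens on an out-of-bounds array access is undefined; on my machine it reports an error and exits immediately.
Discussing what happens on an out-of-bounds array access is pointless; different environments may well behave differently.

basketmn posted on 2021-11-24 10:44
When j=4, a[j]=a[j+1], so that is out of bounds; why is the result correct,
and why does the result go out of bounds once it is changed to the variable n?
Is the result of an out-of-bounds array access necessarily incorrect?
What happens on an out-of-bounds array access is undefined; on my machine it reports an error and exits immediately.
Discussing what happens on an out-of-bounds array access is pointless; different environments may well behave differently.
This "undefined" also includes the result being correct.

I understand now. Thanks again to 人造人 and jackz007, both experts.
Thank you!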
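
Added example, not part of the original thread and not any participant's code: it runs the first program's inner bound on a six-slot buffer whose sixth slot stands in for whatever memory follows a[5], so the effect of the stray read can be observed without undefined behaviour. The function names, the constructed input 5 4 3 2 1 and the neighbour values are assumptions chosen for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Inner bound from the thread's first program: j < n - i lets a[j+1] reach a[n]. */
static void sort_thread_bound(int *a, int n)
{
    for (int i = 0; i < n; i++)
        for (int j = 0; j < n - i; j++)
            if (a[j] > a[j + 1]) { int t = a[j]; a[j] = a[j + 1]; a[j + 1] = t; }
}

/* Corrected bound: j + 1 never exceeds n - 1. */
static void sort_fixed(int *a, int n)
{
    for (int i = 0; i < n - 1; i++)
        for (int j = 0; j < n - 1 - i; j++)
            if (a[j] > a[j + 1]) { int t = a[j]; a[j] = a[j + 1]; a[j + 1] = t; }
}

/* Sorts 5 constructed values followed by a 6th "neighbour" slot that models
 * the memory after the array. Returns 1 only if the first 5 slots end up as
 * 1..5 and the neighbour slot was left untouched. */
int run_case(int use_fixed, int neighbour)
{
    int buf[6] = {5, 4, 3, 2, 1, 0};
    static const int want[5] = {1, 2, 3, 4, 5};

    buf[5] = neighbour;
    if (use_fixed)
        sort_fixed(buf, 5);
    else
        sort_thread_bound(buf, 5);
    return memcmp(buf, want, sizeof want) == 0 && buf[5] == neighbour;
}

int main(void)
{
    /* A large neighbour is never swapped in, so the output looks correct. */
    printf("thread bound, neighbour INT_MAX: %d\n", run_case(0, INT_MAX));
    /* A small neighbour is pulled into the array and the largest value is pushed out. */
    printf("thread bound, neighbour 0:       %d\n", run_case(0, 0));
    printf("fixed bound,  neighbour 0:       %d\n", run_case(1, 0));
    return 0;
}
```

Reports like the ones quoted in the thread come from building with `-fsanitize=address,undefined` in GCC or Clang, which catches the stray read whatever value happens to sit next to the array.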