realloc函数使用后数据异常的问题

GodLordGee

想实现一个数组倒序的函数，主要是为了检验realloc、malloc函数的使用，但是在使用中发现，如果使用malloc，将输入的值赋给指针，值是没有问题，使用strlen以及监视器查看，数据是正确的。例如，我输入的是 12，输出的长度是3（因为我用的是fgets，所以会把\n也存进去）,但是，如果我使用了realloc，我发现，整个数组的长度就变成了24，在\n后面填充了大量无效数据，这到底是怎么回事呢？

1. #include <stdlib.h>
   
2. #include <stdio.h>
   
3. #include <string.h>
   
4. 
   
5. int main(void){
   
6.     char *p = NULL;
   
7.     char *num;
   
8.     p = (char *)(malloc(30 * sizeof(char)));
   
9.     printf("please input \n");
   
10.     fgets(p, 30, stdin);
    
11.     // gets(p);
    
12.     printf("%s", p);
    
13.     printf("%u", strlen(p));
    
14.     int lens = strlen(p);
    
15.     p = (char *)realloc(p, lens * sizeof(char));
    
16.     char temp = '0';
    
17.     for (int i = 0; i <= lens/2-1;i++){
    
18.         printf("--%c", p[i]);
    
19.         putchar('\n');
    
20.         p[lens] = p[lens -2 - i];
    
21.         p[lens - 2 - i] = p[i];
    
22.         p[i] = p [lens];
    
23.     }
    
24.     printf("****%s", p);
    
25.     printf("%u", strlen(p));
    
26.     return 0;
    
27. }

复制代码

建议在第15行即realloc处打断点，在倒数第4行打断点，即 printf p处，这样可以在监视器看到p的值明显的不一样

人造人

如果我使用了realloc，我发现，整个数组的长度就变成了24
你怎么知道变成了 24 ？

人造人

还有，你这程序有问题，具体看报错信息
heap-buffer-overflow

1. $ cat main.c
   
2. #include <stdlib.h>
   
3. #include <stdio.h>
   
4. #include <string.h>
   
5. 
   
6. int main(void){
   
7.     char *p = NULL;
   
8.     char *num;
   
9.     p = (char *)(malloc(30 * sizeof(char)));
   
10.     printf("please input \n");
    
11.     fgets(p, 30, stdin);
    
12.     // gets(p);
    
13.     printf("%s", p);
    
14.     printf("%u", strlen(p));
    
15.     int lens = strlen(p);
    
16.     p = (char *)realloc(p, lens * sizeof(char));
    
17.     char temp = '0';
    
18.     for (int i = 0; i <= lens/2-1;i++){
    
19.         printf("--%c", p[i]);
    
20.         putchar('\n');
    
21.         p[lens] = p[lens -2 - i];
    
22.         p[lens - 2 - i] = p[i];
    
23.         p[i] = p [lens];
    
24.     }
    
25.     printf("****%s", p);
    
26.     printf("%u", strlen(p));
    
27.     return 0;
    
28. }
    
29. $ gcc-debug -o main main.c
    
30. main.c: In function ‘main’:
    
31. main.c:13:14: warning: format ‘%u’ expects argument of type ‘unsigned int’, but argument 2 has type ‘size_t’ {aka ‘long unsigned int’} [-Wformat=]
    
32.    13 |     printf("%u", strlen(p));
    
33.       |             ~^   ~~~~~~~~~
    
34.       |              |   |
    
35.       |              |   size_t {aka long unsigned int}
    
36.       |              unsigned int
    
37.       |             %lu
    
38. main.c:25:14: warning: format ‘%u’ expects argument of type ‘unsigned int’, but argument 2 has type ‘size_t’ {aka ‘long unsigned int’} [-Wformat=]
    
39.    25 |     printf("%u", strlen(p));
    
40.       |             ~^   ~~~~~~~~~
    
41.       |              |   |
    
42.       |              |   size_t {aka long unsigned int}
    
43.       |              unsigned int
    
44.       |             %lu
    
45. main.c:16:10: warning: unused variable ‘temp’ [-Wunused-variable]
    
46.    16 |     char temp = '0';
    
47.       |          ^~~~
    
48. main.c:7:11: warning: unused variable ‘num’ [-Wunused-variable]
    
49.     7 |     char *num;
    
50.       |           ^~~
    
51. $ ./main
    
52. please input
    
53. 1234
    
54. 1234
    
55. 5--1
    
56. =================================================================
    
57. ==25195==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000015 at pc 0x558191689597 bp 0x7ffeed2f55d0 sp 0x7ffeed2f55c0
    
58. WRITE of size 1 at 0x602000000015 thread T0
    
59.     #0 0x558191689596 in main /tmp/main.c:20
    
60.     #1 0x7fedd6d93b24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24)
    
61.     #2 0x55819168918d in _start (/tmp/main+0x218d)
    
62. 
    
63. 0x602000000015 is located 0 bytes to the right of 5-byte region [0x602000000010,0x602000000015)
    
64. allocated by thread T0 here:
    
65.     #0 0x7fedd7961652 in __interceptor_realloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cpp:164
    
66.     #1 0x558191689352 in main /tmp/main.c:15
    
67.     #2 0x7fedd6d93b24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24)
    
68. 
    
69. SUMMARY: AddressSanitizer: heap-buffer-overflow /tmp/main.c:20 in main
    
70. Shadow bytes around the buggy address:
    
71.   0x0c047fff7fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    
72.   0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    
73.   0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    
74.   0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    
75.   0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    
76. =>0x0c047fff8000: fa fa[05]fa fa fa fa fa fa fa fa fa fa fa fa fa
    
77.   0x0c047fff8010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
    
78.   0x0c047fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
    
79.   0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
    
80.   0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
    
81.   0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
    
82. Shadow byte legend (one shadow byte represents 8 application bytes):
    
83.   Addressable:           00
    
84.   Partially addressable: 01 02 03 04 05 06 07
    
85.   Heap left redzone:       fa
    
86.   Freed heap region:       fd
    
87.   Stack left redzone:      f1
    
88.   Stack mid redzone:       f2
    
89.   Stack right redzone:     f3
    
90.   Stack after return:      f5
    
91.   Stack use after scope:   f8
    
92.   Global redzone:          f9
    
93.   Global init order:       f6
    
94.   Poisoned by user:        f7
    
95.   Container overflow:      fc
    
96.   Array cookie:            ac
    
97.   Intra object redzone:    bb
    
98.   ASan internal:           fe
    
99.   Left alloca redzone:     ca
    
100.   Right alloca redzone:    cb
     
101.   Shadow gap:              cc
     
102. ==25195==ABORTING
     
103. $
     

复制代码

人造人

1. #include <stdlib.h>
   
2. #include <stdio.h>
   
3. #include <string.h>
   
4. 
   
5. int main(void){
   
6.     char *p = NULL;
   
7.     //char *num;
   
8.     //p = (char *)(malloc(30 * sizeof(char)));
   
9.     p = malloc(30);
   
10.     //printf("please input \n");
    
11.     printf("please input: ");
    
12.     fgets(p, 30, stdin);
    
13.     // gets(p);
    
14.     printf("%s", p);
    
15.     //printf("%u", strlen(p));
    
16.     printf("%lu", strlen(p));
    
17.     int lens = strlen(p);
    
18.     //p = (char *)realloc(p, lens * sizeof(char));
    
19.     p = realloc(p, lens + 1);
    
20.     //char temp = '0';
    
21.     for (int i = 0; i <= lens/2-1;i++){
    
22.         printf("--%c", p[i]);
    
23.         putchar('\n');
    
24. 
    
25.         //p[lens] = p[lens -2 - i];
    
26.         //p[lens - 2 - i] = p[i];
    
27.         //p[i] = p [lens];
    
28.     }
    
29.     printf("****%s", p);
    
30.     //printf("%u", strlen(p));
    
31.     printf("%lu", strlen(p));
    
32.     free(p);
    
33.     return 0;
    
34. }
    

复制代码

人造人

1. #include <stdlib.h>
   
2. #include <stdio.h>
   
3. #include <string.h>
   
4. 
   
5. int main(void){
   
6.     char *p = NULL;
   
7.     //char *num;
   
8.     //p = (char *)(malloc(30 * sizeof(char)));
   
9.     p = malloc(30);
   
10.     //printf("please input \n");
    
11.     printf("please input: ");
    
12.     fgets(p, 30, stdin);
    
13.     // gets(p);
    
14.     printf("%s", p);
    
15.     //printf("%u", strlen(p));
    
16.     printf("%lu", strlen(p));
    
17.     int lens = strlen(p);
    
18.     //p = (char *)realloc(p, lens * sizeof(char));
    
19.     p = realloc(p, lens + 1);
    
20.     //char temp = '0';
    
21.     /*
    
22.     for (int i = 0; i <= lens/2-1;i++){
    
23.         printf("--%c", p[i]);
    
24.         putchar('\n');
    
25. 
    
26.         // 这是做什么？
    
27.         //p[lens] = p[lens -2 - i];
    
28.         //p[lens - 2 - i] = p[i];
    
29.         //p[i] = p [lens];
    
30.     }
    
31.     */
    
32.     int i = 0, j = lens - 2;
    
33.     while(i < j) {
    
34.         char temp = p[i];
    
35.         p[i] = p[j];
    
36.         p[j] = temp;
    
37.         ++i; --j;
    
38.     }
    
39.     printf("****%s", p);
    
40.     //printf("%u", strlen(p));
    
41.     //printf("%lu", strlen(p));
    
42.     printf("%lu\n", strlen(p));
    
43.     free(p);
    
44.     return 0;
    
45. }
    

复制代码

GodLordGee

人造人 发表于 2021-11-7 00:18
还有，你这程序有问题，具体看报错信息
heap-buffer-overflow

感谢您的回复！可是我看不懂。。。我想知道的是，我在上面使用了malloc以后，在下面紧接着就使用了realloc，可是打了断点以后我发现realloc一执行完以后，指针p里面的数据就变了
没运行realloc之前，p的值是：0xe4840 "12\n"
运行realloc以后，p的值是：0xe4840 "12\n\253\253\253\253\253\253\253\253\253\253\253\253\253\253\253\253\272\r\272\r&#65533;\376\253\253\253\253\253\253\253\253\253\253\253\253\253\253\253", <incomplete sequence \376>

请问，是我使用realloc的用法用错了吗？

人造人

GodLordGee 发表于 2021-11-7 00:38
感谢您的回复！可是我看不懂。。。我想知道的是，我在上面使用了malloc以后，在下面紧接着就使用了reallo ...

对，看最后一个代码，给你改好了