使用Global Variable的寫法
題目如下:
使用Global Variable的寫法
int idx = 0;
char *p = NULL;
void push(char ch) {
p[idx++] = ch;
}
void pop(void) {
if (idx > 0) {
idx-= 1;
p[idx] = 0;
}
}
char* removeStars(char *s) {
int c0 = 0;
int len = strlen(s);
p = malloc(len + 1);
memset(p, 0, len + 1);
for (c0 = 0; c0 < len; c0++) {
if (s[c0] != '*') {
push(s[c0]);
}
else {
pop();
}
}
return p;
}
Test cases
"aa" "bb"
Exception
=================================================================
==31==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000096 at pc 0x55ca895660b8 bp 0x7ffdca7c0b40 sp 0x7ffdca7c0b30
WRITE of size 1 at 0x602000000096 thread T0
#2 0x7f1f898d60b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
0x602000000096 is located 3 bytes to the right of 3-byte region [0x602000000090,0x602000000093)
allocated by thread T0 here:
#0 0x7f1f8a51bdc6 in calloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10ddc6)
#3 0x7f1f898d60b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
Shadow bytes around the buggy address:
0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c047fff8000: fa fa 07 fa fa fa 07 fa fa fa 00 07 fa fa 03 fa
=>0x0c047fff8010: fa fa[03]fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c047fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==31==ABORTING
拿掉Global Variable的寫法
void push(char *p, int *idx, char ch) {
p[(*idx)++] = ch;
}
void pop(char *p, int *idx) {
if (*idx > 0) {
(*idx)-= 1;
p[*idx] = 0;
}
}
char* removeStars(char *s) {
int c0 = 0;
int idx = 0;
int len = strlen(s);
char *p = malloc(len + 1);
memset(p, 0, len + 1);
for (c0 = 0; c0 < len; c0++) {
if (s[c0] != '*') {
push(p, &idx, s[c0]);
}
else {
pop(p, &idx);
}
}
return p;
}