A recorded example of a crash caused by an overwritten stack

The demo is as follows:

#include <iostream>
#include <string>

int main()
{
        std::string first("adfgx");
        char fuk[4] = {0};              // valid indices are 0..3
        std::string second("ddddxxx");

        fuk[4] = '\0';                  // off-by-one: stores one byte past the end of fuk,
                                        // into whatever the compiler placed next to it
        std::cout << first << ": " << fuk << ": " << second << std::endl;
        return 0;
}

fuk[4] lies at the address of first's data (the stack grows downward, so first sits just above fuk). The out-of-bounds store therefore corrupts the string's internal pointer, and the program crashes when first is destroyed.

The gdb session shows this:


(gdb) n
11              std::cout << first << ": " << fuk << ": " << second << std::endl;
(gdb) p fuk
$1 = "\000\000\000"
(gdb) p &fuk
$2 = (char (*)[4]) 0x7fffffffe3fc
(gdb) p &(fuk[4])
$3 = 0x7fffffffe400 ""
(gdb) p first
$4 = {static npos = 18446744073709551615, _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}, _M_p = 0x7fffffffe400 ""},
  _M_string_length = 5, {_M_local_buf = "adfgx\000\000\000\000\000\000\000\000\000\000", _M_allocated_capacity = 517130839137}}
(gdb) p second
$5 = {static npos = 18446744073709551615, _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}, _M_p = 0x7fffffffe3e0 "ddddxxx"},
  _M_string_length = 7, {_M_local_buf = "ddddxxx\000\377\377\000\000\001\000\000", _M_allocated_capacity = 33909455680988260}}
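As an added example (not code from the original post), the same terminator-writing pattern with the bounds enforced by the array type, so the store can never land on a neighbouring object such as first's internal pointer; the helper names copy_bounded, terminate_at, demo_fixed and the copy4/terminate4 wrappers are invented for this example.

```cpp
// Added example, not part of the original post.
#include <algorithm>
#include <array>
#include <cstddef>
#include <cstring>
#include <stdexcept>
#include <string>

// Copy src into a fixed-size char array, always leaving room for the NUL
// terminator. Returns the number of payload bytes stored, so a caller can
// detect truncation (returned value < src.size()).
template <std::size_t N>
std::size_t copy_bounded(char (&dst)[N], const std::string& src) {
    static_assert(N > 0, "destination must have room for the terminator");
    const std::size_t n = std::min(src.size(), N - 1);
    std::memcpy(dst, src.data(), n);
    dst[n] = '\0';              // n <= N-1, so the terminator is always inside dst
    return n;
}

// Terminate at an explicit index, but only if that index is inside the array.
// Returns false instead of clobbering whatever the compiler laid out next to
// the buffer (in the post: the std::string's _M_p pointer).
template <std::size_t N>
bool terminate_at(std::array<char, N>& buf, std::size_t idx) {
    try {
        buf.at(idx) = '\0';     // std::array::at throws on idx >= N
        return true;
    } catch (const std::out_of_range&) {
        return false;
    }
}

// The post's demo with the bug removed: the terminator lands at index 3, not 4.
std::string demo_fixed() {
    std::string first("adfgx");
    char buf[4] = {0};
    std::string second("ddddxxx");
    copy_bounded(buf, "abcdef");   // stores "abc", terminator at buf[3]
    return first + ": " + buf + ": " + second;
}

// Small wrappers with a 4-byte destination, matching the post's char fuk[4].
std::string copy4(const std::string& src) { char b[4]; copy_bounded(b, src); return b; }
std::size_t copy4_len(const std::string& src) { char b[4]; return copy_bounded(b, src); }
bool terminate4(std::size_t idx) { std::array<char, 4> a{}; return terminate_at(a, idx); }
```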
