问题描述
- 缓冲溢出代码缝分析!!
-
#include
#include
#include
#includeconst char card[] = "IDB_CARD_";
const char *card_4[] = { "SWORD_", "WAND_", "PENT_", "CUP_" };
const char *card_royal[] = { "KING", "KNAVE", "QUEEN", "KNIGHT" };
char *point_to_card[78] = { NULL };
int sort[78] = { 0 };//the card's sorting
int main()//this is a model to get name in dll ,it's ok
{
char current_name[20] = "0", num[2] = "0";
int count = 0, big_count = 0, card_count = 0;int i; strcpy(current_name, card); for (big_count = 1; big_count <= 5; big_count++) { if (big_count == 1) { for (count = 0; count <= 21; count++) { itoa(count, num, 10); strcat(current_name, num); point_to_card[card_count] = (char*)malloc(sizeof(char)*strlen(current_name)); strcpy(point_to_card[card_count], current_name); strcpy(current_name, card); card_count++; } } else{ for (count = 1; count <= 14; count++) { if (count <= 10) { strcat(current_name, card_4[big_count - 2]); itoa(count, num, 10); strcat(current_name, num); point_to_card[card_count] = (char*)malloc(sizeof(char)*strlen(current_name)); strcpy(point_to_card[card_count], current_name); strcpy(current_name, card); card_count++; } else { strcat(current_name, card_4[big_count - 2]); strcat(current_name, card_royal[count - 11]); point_to_card[card_count] = (char*)malloc(sizeof(char)*strlen(current_name)); strcpy(point_to_card[card_count], current_name); strcpy(current_name, card); card_count++; } } } }
解决方案
num[2] 大小不够。
内容("0"~"21")最多2个字符,字符串结束符 在哪里?
不就溢出了!
解决方案二:
现代C++编译器和RT都会有缓冲区溢出防范机制的。除非你在编译的时候把这些安全选项都关闭。具体看下手册。
时间: 2024-09-09 19:02:43