I get the following error in my C program:

Writing to heap after end of help buffer

Can you tell me what I'm missing?

#include <stdlib.h>
#include <string.h>

/* PATH_DELIM and END_ARRAY are macros from the OP's code that are not shown in the question */
char * path_delimiter(char * path)
{
    int i = 0, index = 0, size = 0, length = (int)strlen(path);
    char *tmp, *ans;

    for(; i < length; i++) {
        if(path[i] == PATH_DELIM[0]) {
            break;
        }
    }
    i++;
    size = (int)strlen(path) - i;
    ans = (char*)malloc(sizeof(path));
    tmp = (char*)malloc(size);
    strcpy(ans,path);
    ans[i-1] = END_ARRAY;

    if(size > 0)
    {
        strcpy(tmp,&path[i]);
        realloc(path,size);
        strcpy(path,tmp);
    }
    else
    {
        strcpy(path,ans);
    }
    free(tmp);

    return ans;
}
+5  A: 

You are not checking if malloc and realloc succeeded. More importantly, realloc may return a different handle which you are discarding.

Further, you have:

ans = malloc(sizeof(path));
...
strcpy(ans, path);

On the most common platform today, sizeof(path) is most likely 4 or maybe 8, regardless of the length of the character array path points to.

Sinan Ünür
+8  A: 

This ...

sizeof(path)

... is the same as ...

sizeof(char *)

... which is the size of the pointer (not the size of the buffer which it's pointing to), so it's probably about 4.

So this ...

ans= (char*)malloc(sizeof(path));

... is a 4-byte buffer, and so this ...

strcpy(ans,path);

... is overwriting (writing past the end of) that buffer.

Instead of ...

malloc(sizeof(path));

... I think you want ...

malloc(strlen(path)+1);
ChrisW
To the OP: Please, use strncpy for now on. It will save you a lot of headaches down the road.
Calyth
Shouldn't that be: malloc(sizeof(char)*(strlen(path)+1)); You are assuming the char is 1 byte.
Andrew
Andrew, I think `sizeof(char)` always equals 1, by definition.
ChrisW
@Calyth - strncpy() is not a panacea; it does not always null terminate the string it copies, and it always writes as many characters as you tell it there is space for (which are not contradictory statements, though it might seem like that).
Jonathan Leffler
A: 

You normally need size = strlen(xxx) + 1; to allow for the null terminator on the string.

In this case, I think you need:

size = strlen(path) - i + 1;
Jonathan Leffler
Thanks to you all, it solved my problem... but to be sure: when I use the method strlen, do I need to add 1 for the '\0'? If not, then why do I need the +1? Thanks again.
eran
The `strlen()` function counts the number of characters in the string excluding the terminating null. When you allocate memory, you must allocate enough memory for the string including the terminating null, which is therefore 'strlen(whatever)+1' bytes.
Jonathan Leffler
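A corrected version that applies the three answers above together (allocate strlen()+1 bytes instead of sizeof(path), check the allocations, and keep realloc()'s return value instead of discarding it). This is an added example, not code from the question or the answers; it assumes PATH_DELIM is "/" since the OP's macro is not shown, and it takes `char **` because the caller's buffer may move when realloc() shrinks it.

```c
#include <stdlib.h>
#include <string.h>

#define PATH_DELIM "/"   /* assumed: the OP's macro is not shown on the page */

/* strlen() excludes the terminating null, so a copy needs strlen(s) + 1 bytes. */
char *copy_string(const char *s)
{
    char *copy = malloc(strlen(s) + 1);
    if (copy != NULL)
        strcpy(copy, s);
    return copy;
}

/* Split *path at the first PATH_DELIM. Returns a newly malloc'd copy of the
 * text before the delimiter; *path is shrunk to the text after it (empty if
 * the delimiter is last). Without a delimiter, the whole string is returned
 * and *path is left alone. *path must be a heap buffer owned by the caller.
 * Returns NULL on allocation failure, leaving *path untouched. */
char *path_delimiter_fixed(char **path)
{
    char *p = *path;
    size_t length = strlen(p);
    char *delim = strchr(p, PATH_DELIM[0]);          /* NULL if no delimiter */
    size_t prefix_len = delim ? (size_t)(delim - p) : length;
    size_t rest_len = delim ? length - prefix_len - 1 : 0;

    /* +1 for the terminator: sizeof(path) would only give the pointer size */
    char *ans = malloc(prefix_len + 1);
    if (ans == NULL)
        return NULL;
    memcpy(ans, p, prefix_len);
    ans[prefix_len] = '\0';

    if (delim) {
        /* Move the remainder (with its terminator) to the front first;
         * memmove handles the overlap. Then shrink the buffer, keeping the
         * pointer realloc returns because it may have moved the block. */
        memmove(p, delim + 1, rest_len + 1);
        char *shrunk = realloc(p, rest_len + 1);
        if (shrunk != NULL)
            *path = shrunk;  /* on failure p is still valid, just larger */
    }
    return ans;
}
```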