ansaurus

Question

How to overwrite an array of char pointers with a larger list of char pointers?

Answer 1

A:

Don't you need to multiple g.gl_pathc by sizeof(char *)?

bmargulies 2010-03-15 01:22:09

hm, yes.. but i think part of the problem is cmd->argv is probably smaller than g.gl_pathv.after all if the initial argv is made up of two elements: "ls" and "*.h".. the *.h could be expanded into 100s of filenames

Casey 2010-03-15 01:26:27

good point. I just spotted the low-hanging bug.

bmargulies 2010-03-15 01:36:05

Answer 2

+1 A:

argv is an array of pointers of char *. This means that argv has space for argc char * values. If you try to copy more than that many char * values into it, you will end up with an overflow.

Most likely your glob call results in more than argc elements in gl_pathv field (i.e, gl_pathc > argc). This is undefined behavior.

It is similar to the code below:

/* Wrong code */
#include <string.h>

int a[] = { 1, 2, 3 };
int b[] = { 1, 2, 3, 4 };
memcpy(a, b, sizeof b);

Solution: you should either work with the glob_t struct directly, or allocate new space to copy gl_pathv to a new char **:

char **paths = malloc(g.gl_pathc * sizeof *paths);
if (paths == NULL) { /* handle error */ }
for (size_t i=0; i < g.gl_pathc; ++i) {
    /* The following just copies the pointer */
    paths[i] = g.gl_pathv[i];

    /* If you actually want to copy the string, then
       you need to malloc again here.

       Something like:

       paths[i] = malloc(strlen(g.gl_pathv[i] + 1));

       followed by strcpy.
     */
}

/* free all the allocated data when done */

Edit: after your edit:

cmd->argv = calloc(g.gl_pathc, sizeof(char *) *g.gl_pathc);

it should work, but each of argv[1] to argv[g.gl_pathc + g.gl_offs - 1] is a char * that is "owned" by the struct glob. Your memcpy call is only copying the pointers. When you later do globfree(), those pointers don't mean anything anymore. So, you need to do copy the strings for your use:

size_t i;
cmd->argv = malloc((g.gl_pathc+g.gl_offs) * sizeof *cmd->argv);
for (i=g.gl_offs; i < g.gl_pathc + g.gl_offs; ++i)
    cmd->argv[i] = strdup(g.gl_pathv[i]);

This makes sure you now have your own private copies of the strings. Be sure to free them (and argv) once you are done.

There are a few other problems with your code.

You are doing *p++, you should do p++, since you're not using the value of the dereferencing.
You should really check the return value of glob.
Your paths variable needs g.gl_pathc + 1 elements, not g.gl_pathc. (Or more correctly, you need to allocate g.gl_pathc + g.gl_offs times sizeof *paths bytes.)
Your for loop to copy strings should be for (j=1; j < g.gl_pathc + g.gl_offs; ++j).
Make sure you prevent shell from expanding your glob. I.e., call ./a.out '*' instead of ./a.out *.

Alok 2010-03-15 01:37:33

the idea behind my function being passed the command struct is that my function is a handler of sorts that is performing some operation on the command string before it is executed. hence, i need to modify the value of argv in the cmd.

Casey 2010-03-15 01:54:12

But where does the `argv` element of `cmd` come from? If it is an array, you can't just say `cmd->argv = ...`, which is illegal in C. It is like saying: `int a[] = {1, 2};` followed by `a = malloc(...);`.

Alok 2010-03-15 01:59:48

Nevermind, my brain wasn't engaged. I "missed" the definition of `struct cmd`.

Alok 2010-03-15 02:18:45

@Casey, see my edit.

Alok 2010-03-15 02:47:17

@Alok, thanks.. almost there! See my latest edit.

Casey 2010-03-15 03:32:14

@Casey: you are not posting your real code. The `continue;` in the `if` condition doesn't make sense. Also, try replacing: `glob_t g; memset(` by `glob_t g = { 0 };`. Finally, maybe `gl_offs` is only supposed to be written to, not read, so try replacing `gl_offs` by 1 in your code.

Alok 2010-03-15 03:40:36

ansaurus

tags:

views:

answers:

How to overwrite an array of char pointers with a larger list of char pointers?

related questions