C语言 用例子解释编程中的堆栈溢出和堆溢出?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/4700998/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Explain stack overflow and heap overflow in programming with example?
提问by mr_eclair
Possible Duplicate:
What is a stack overflow error?
可能的重复:
什么是堆栈溢出错误?
Can any one tell me how and why stack overflow and heap overflow actually occur in programs, and how to overcome stack overflow in programming - how to avoid it?
谁能告诉我程序中实际发生堆栈溢出和堆溢出的方式和原因,以及如何克服编程中的堆栈溢出 - 如何避免它?
回答by Jonathan Leffler
Stack Overflow
堆栈溢出
void stack_overflow(const char *x)
{
char y[3];
strcpy(y, x);
}
Heap Overflow
堆溢出
void heap_overflow(const char *x)
{
char *y = malloc(strlen(x));
strcpy(y, x);
}
Analysis
分析
Both functions trample beyond the allocated space.
这两个函数都超出了分配的空间。
If you call stack_overflow("abc"), it copies 4 characters (including the null) into space allocated for 3 characters. What happens after that depends on where the damage was done. The variable yis on the stack, so it is stack overflow.
如果您调用stack_overflow("abc"),它会将 4 个字符(包括空值)复制到为 3 个字符分配的空间中。之后会发生什么取决于损坏的位置。变量y在栈上,所以是栈溢出。
Regardless of how you call heap_overflow(), it asks for one too few bytes from the heap and then writes beyond the end. What's insidious about that is that some of the time - even most of the time - it will seem to work because the heap system allocates more space than you request. However, you might trample on control data, and then all bets are off.
无论您如何调用heap_overflow(),它都会从堆中请求一个太少的字节,然后写入到最后。阴险的是,在某些时候 - 甚至大部分时间 - 它似乎会起作用,因为堆系统分配的空间比您请求的要多。但是,您可能会践踏控制数据,然后所有赌注都将取消。
The heap overflow is very small, and hard to detect. The stack overflow can be small (non-existent if the passed string is short enough) or dramatic. You normally get more dramatic effects when you write further beyond the allocated space, but any writing beyond the allocated space leads to undefined behaviour - anything could happen.
堆溢出非常小,难以检测。堆栈溢出可能很小(如果传递的字符串足够短,则不存在)或显着。当您在分配的空间之外进一步写入时,通常会获得更显着的效果,但任何超出分配空间的写入都会导致未定义的行为 - 任何事情都可能发生。
You ensure there are no problems by knowing how big the object you are copying is and how much space there is to receive it, and by making sure that you do not copy more material than there is space. Always, every time.
您可以通过了解您正在复制的对象有多大以及有多少空间来接收它来确保没有问题,并确保您复制的材料不会超过空间。总是,每次。
回答by Infinite
"stack overflow" is different from "stack-based buffer overflow". The former is due to too deep activation records, for example an unstopping recursive call. The latter is a software bug due to insufficient boundary check, which is the most frequently exploited vulnerability.
“堆栈溢出”不同于“基于堆栈的缓冲区溢出”。前者是由于太深的激活记录,例如一个不间断的递归调用。后者是由于边界检查不足导致的软件错误,是最常被利用的漏洞。
回答by TonyK
Stack overflow:
堆栈溢出:
static void f(void) { f() ; }
int main() { f() ; }
Heap overflow:
堆溢出:
#include <stdlib.h>
int main() { while (1) malloc (1000) ; }
EditApparently this is not what heap overflow means. See comments below.
编辑显然这不是堆溢出的意思。请参阅下面的评论。
