473,287 Members | 1,581 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,287 software developers and data experts.

What is wrong with this code?

Hello,

I am wondering whats wrong with the following code. It is crashing on
Linux, but works fine on AIX.

The function basically get DbNm@Srvr string and then return DbNm and
Srvr back to the calling program.
#define IDFR_VAL_SIZE 100

int rmlPvtGetDbNm(char *sDb, char *sSrvr, char *sDbNm)
{
char *sTok;

memset(sDb, '\0', IDFR_VAL_SIZE);
memset(sSrvr, '\0', IDFR_VAL_SIZE);

sTok = malloc(IDFR_VAL_SIZE);

sTok = strtok( sDbNm, "@" );
strcpy(sDb, sTok);

sTok = strtok(NULL, "@" );
strcpy(sSrvr, sTok);

free(sTok);

if (memcmp(sDb, "NO-DB", 5) ==0)
{
return 1;
}
return 0;

}
with regards,

prabh
Nov 13 '05 #1
3 5202
On 28 Jul 2003 20:37:22 -0700, pr*******@videotron.ca (Prabh) wrote in
comp.lang.c:
Hello,

I am wondering whats wrong with the following code. It is crashing on
Linux, but works fine on AIX.

The function basically get DbNm@Srvr string and then return DbNm and
Srvr back to the calling program.
#define IDFR_VAL_SIZE 100

int rmlPvtGetDbNm(char *sDb, char *sSrvr, char *sDbNm)
{
char *sTok;

memset(sDb, '\0', IDFR_VAL_SIZE);
memset(sSrvr, '\0', IDFR_VAL_SIZE);
Where are the arrays of characters that sDb and sSrvr point to
allocated or defined? If either of them actually points to less than
100 characters, you are writing past into memory you don't own, a good
way to crash.
sTok = malloc(IDFR_VAL_SIZE);

sTok = strtok( sDbNm, "@" );
This is a memory leak. You allocate 100 characters to sTok, then
throw away the allocated memory by assigning the return value of
strtok() to it. Poof, 100 bytes leaked and gone.
strcpy(sDb, sTok);
strtok() can return a null pointer. Passing a null pointer as the
second argument to strcpy() is undefined behavior and can cause a
crash. Alternatively, if the first '@' character is more than 100
characters into sDbNm, you'll overflow
sTok = strtok(NULL, "@" );
strcpy(sSrvr, sTok);
Likewise, strtok() can return a null pointer here. Never use the
value returned by strtok() without testing for NULL.
free(sTok);
This is almost certainly what is causing your crash. You allocated
memory to sTok, then you lost the pointer to it by overwriting it with
the return value of strtok(), not once, but twice.

So now you are trying to free sTok. But the value you are passing to
free() is not the pointer value returned by malloc().
if (memcmp(sDb, "NO-DB", 5) ==0)
{
return 1;
}
return 0;

}
with regards,

prabh


--
Jack Klein
Home: http://JK-Technology.Com
FAQs for
comp.lang.c http://www.eskimo.com/~scs/C-faq/top.html
comp.lang.c++ http://www.parashift.com/c++-faq-lite/
alt.comp.lang.learn.c-c++ ftp://snurse-l.org/pub/acllc-c++/faq
Nov 13 '05 #2
On Mon, 28 Jul 2003 20:37:22 -0700, Prabh wrote:
Hello,

I am wondering whats wrong with the following code. It is crashing on
Linux, but works fine on AIX.
I'm sure IBM would help you fix^H^H^H port your code.
The function basically get DbNm@Srvr string and then return DbNm and
Srvr back to the calling program.

#define IDFR_VAL_SIZE 100

int rmlPvtGetDbNm(char *sDb, char *sSrvr, char *sDbNm)
{
char *sTok;

memset(sDb, '\0', IDFR_VAL_SIZE);
memset(sSrvr, '\0', IDFR_VAL_SIZE);

sTok = malloc(IDFR_VAL_SIZE);

sTok = strtok( sDbNm, "@" );
You've just lost the memory from the malloc.
strcpy(sDb, sTok);

sTok = strtok(NULL, "@" );
strcpy(sSrvr, sTok);

free(sTok);
Now you are free'ing a random offset into sDbNm.
if (memcmp(sDb, "NO-DB", 5) ==0)
{
return 1;
}
return 0;

}


You also assume a lot of things about the sizes of the objects and don't
check any return values (and the memcmp() at the end implies to me that
the strtok()'s could fail).

--
James Antill -- ja***@and.org
Need an efficent and powerful string library for C?
http://www.and.org/vstr/

Nov 13 '05 #3
Prabh wrote:
Hello,

I am wondering whats wrong with the following code. It is crashing on
Linux, but works fine on AIX.

The function basically get DbNm@Srvr string and then return DbNm and
Srvr back to the calling program.
#define IDFR_VAL_SIZE 100

int rmlPvtGetDbNm(char *sDb, char *sSrvr, char *sDbNm)
{
char *sTok;

memset(sDb, '\0', IDFR_VAL_SIZE);
memset(sSrvr, '\0', IDFR_VAL_SIZE);

sTok = malloc(IDFR_VAL_SIZE);

sTok = strtok( sDbNm, "@" );
strcpy(sDb, sTok);

sTok = strtok(NULL, "@" );
strcpy(sSrvr, sTok);

free(sTok);

if (memcmp(sDb, "NO-DB", 5) ==0)
{
return 1;
}
return 0;

}


You overwrite the value returned from malloc() not once, but three
times! No wonder free() gets confused. Even worse, there was never any
need to malloc() or free() anything. See the code below to see just how
much simpler your code could have been. Why your code "worked" before is
anyone's guess. One correct way of your code's working is to crash.
#include <string.h>
#include <stdio.h>

#define IDFR_VAL_SIZE 100

int rmlPvtGetDbNm(char *sDb, char *sSrvr, char *sDbNm)
{
char *sTok;

if ((sTok = strtok(sDbNm, "@")))
strcpy(sDb, sTok);

if ((sTok = strtok(NULL, "@")))
strcpy(sSrvr, sTok);

return (memcmp(sDb, "NO-DB", 5) == 0);
}
int main(void)
{
char input[IDFR_VAL_SIZE] = "DbNm@Srvr";
char dbnm[IDFR_VAL_SIZE], srvr[IDFR_VAL_SIZE];
printf("return value was: %d\n", rmlPvtGetDbNm(dbnm, srvr, input));
printf("dbnm: %s, srvr: %s\n", dbnm, srvr);
return 0;
}

Nov 13 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: RobertTG | last post by:
Someone please translate the code below into English... Particularly the indicated line Thanks function attachComment() { var aForms = document.getElementsByTagName("FORM"); for (var i = 0;...
13
by: dbuchanan | last post by:
This code resets a form with two cbo's (comboBoxes) and one datagrid. The first cbo (cboSelection) selects a main table and filters the second cbo. The second cbo (cboView) selects the secondary...
9
by: oddvark | last post by:
Hello, under vc7.1 this code compiles: if (!parent.fillTool) parent.fillTool.dispose; where dispose is a method of fillTool. Notice that dispose does not have ( ) behind it. Under vc8,...
1
by: locy | last post by:
can someone explain to me "what does this code do" class baseclass { public: virtual void runme() { std::cout<<"are you"<<std::endl; }
5
by: lucas | last post by:
is a javascript file; is ajax? or javascript but in hidden code? eval(function(p,a,c,k,e,d) {e=function(c)...
1
maher5
by: maher5 | last post by:
hi i had some help completing my assignment which i still dont understand fully. i dont know what this bit of the code means/do. the assignment was the morse code convertion. ...
3
by: qianz99 | last post by:
Hi I am not sure what this code does. I have the following questions 1. where is the case? 2. #define TLV_INTEGER(name, octets) p->name = -1; Is it define a function TLV_INTEGER(name, octets) ...
6
by: sbcs | last post by:
I'm a website developer. Recently I've found variations of this code on the home pages of several of my sites. It triggers warnings in some anti-virus/malware programs but not in others. The pages...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: Aftab Ahmad | last post by:
Hello Experts! I have written a code in MS Access for a cmd called "WhatsApp Message" to open WhatsApp using that very code but the problem is that it gives a popup message everytime I clicked on...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.