By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
449,110 Members | 990 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 449,110 IT Pros & Developers. It's quick & easy.

strncpy memory corruption

P: 16
Hi,

I am writing a small program to basically copy ls. I would like to copy a string so I thought I would use strncpy but I
am getting the following error:

I thought I would be able to debug this but i have been through the man pages and can't figure it out. Doing the same thing with strcpy works fine. The reason I wanted to use strncpy is because it is safe (as far as I am aware) I have seen a few posts to say that it doesn't guarantee adding a '\0' to the end, is this the case? If so how do you copy strings safely?


Expand|Select|Wrap|Line Numbers
  1. *** glibc detected *** ./lscf: malloc(): memory corruption: 0x0804b018 ***
  2. ======= Backtrace: =========
  3. /lib/libc.so.6xb7de56e1]
  4. /lib/libc.so.6xb7de7671]
  5. /lib/libc.so.6(__libc_malloc+0x85)xb7de90c5]
  6. ./lscfx8048a95]
  7. ./lscfx804887a]
  8. /lib/libc.so.6(__libc_start_main+0xdc)xb7d96f9c]
  9. ./lscfx8048671]
  10. ======= Memory map: ========
  11. 08048000-08049000 r-xp 00000000 00:12 3223837912  /home/astro/phrfad/programming/C/lscf/lscf
  12. 08049000-0804a000 r-xp 00000000 00:12 3223837912  /home/astro/phrfad/programming/C/lscf/lscf
  13. 0804a000-0804b000 rwxp 00001000 00:12 3223837912  /home/astro/phrfad/programming/C/lscf/lscf
  14. 0804b000-0806e000 rwxp 0804b000 00:00 0          eap]
  15. b7c00000-b7c21000 rwxp b7c00000 00:00 0
  16. b7c21000-b7d00000 ---p b7c21000 00:00 0
  17. b7d80000-b7d81000 rwxp b7d80000 00:00 0
  18. b7d81000-b7ea9000 r-xp 00000000 03:01 33558130   /lib/libc-2.5.so
  19. b7ea9000-b7eaa000 r-xp 00128000 03:01 33558130   /lib/libc-2.5.so
  20. b7eaa000-b7eac000 rwxp 00129000 03:01 33558130   /lib/libc-2.5.so
  21. b7eac000-b7eaf000 rwxp b7eac000 00:00 0
  22. b7ee1000-b7eeb000 r-xp 00000000 03:01 33561104   /lib/libgcc_s.so.1
  23. b7eeb000-b7eed000 rwxp 00009000 03:01 33561104   /lib/libgcc_s.so.1
  24. b7eed000-b7eef000 rwxp b7eed000 00:00 0
  25. b7eef000-b7ef0000 r-xp b7eef000 00:00 0          dso]
  26. b7ef0000-b7f0b000 r-xp 00000000 03:01 33742551   /lib/ld-2.5.so
  27. b7f0b000-b7f0d000 rwxp 0001a000 03:01 33742551   /lib/ld-2.5.so
  28. bfe1b000-bfe33000 rw-p bfe1b000 00:00 0          tack]
  29. Aborted
  30.  

Expand|Select|Wrap|Line Numbers
  1. .
  2.   char dir_path[BUFSIZ], *newdir;
  3. .
  4. .
  5. /* newdir is malloced here */
  6. .
  7.     //if((strcpy(newdir, dir_path)) == NULL)
  8.     if((strncpy(newdir, dir_path, BUFSIZ)) == NULL)
  9.        fatal(0, "strncpy");
  10. .
  11.  
Apr 25 '08 #1
Share this Question
Share on Google+
5 Replies


Expert 10K+
P: 11,448
Expand|Select|Wrap|Line Numbers
  1. .
  2.   char dir_path[BUFSIZ], *newdir;
  3. .
  4. .
  5. /* newdir is malloced here */
  6. .
  7.     //if((strcpy(newdir, dir_path)) == NULL)
  8.     if((strncpy(newdir, dir_path, BUFSIZ)) == NULL)
  9.        fatal(0, "strncpy");
  10. .
  11.  
I don't see any allocation to 'newdir' at all; you just copy (part of) a string to an
indeterminate 'newdir' value.

kind regards,

Jos
Apr 25 '08 #2

P: 57
*newdir -: means only pointer. we want to allocate space if want to assign value.

eg:-char *newdir=new char[BUFSIZ]
Apr 25 '08 #3

P: 16
*newdir -: means only pointer. we want to allocate space if want to assign value.

eg:-char *newdir=new char[BUFSIZ]
sorry, I did allocate for newdir I just forgot to put it in the code snippit:

Expand|Select|Wrap|Line Numbers
  1.     /* copy filename to new string to recurs into later */
  2.     if((newdir = (char *)malloc(strlen(dir_path)+1)) == NULL)
  3.       fatal(0, "malloc");
  4.  
  5.  
Apr 25 '08 #4

weaknessforcats
Expert Mod 5K+
P: 9,197
You are allocating dir_path+1.

You are using strncpy to copy BUFSIZ characters. dir_path is an array of BUFSIZE. Therefore, strncpy has encountered the limit before encountering a null terminator in the source string. Therefore, strncpy does not put a null terminator on your string. Later, when you use dir_path as a string, you will have problems.

How do you copy strings safely in C? You write a function that has the source and destination strings as pointer arguments plus arguments for the source and destination buffer size. Then you copy until the destination is full but not more than the source buffer length incase the source is screwed up.

Then you never use the C library functions anywhere in your code excepot in this function. And I might not even use them there.

Finally, you develop your family of secure string functions.

Or you use Windows where these are already written for you.
Apr 25 '08 #5

P: 16
Thanks for your reply. I was going to say that it isn't working still, but it is. I changed the size values in the malloc and strncpy for the return value of the snprintf (accounting for \0) function and changed size for snprintf.

I didn't realise the string libraries were so unsafe, I though the *n* functions rectified that!

David


You are allocating dir_path+1.

You are using strncpy to copy BUFSIZ characters. dir_path is an array of BUFSIZE. Therefore, strncpy has encountered the limit before encountering a null terminator in the source string. Therefore, strncpy does not put a null terminator on your string. Later, when you use dir_path as a string, you will have problems.

How do you copy strings safely in C? You write a function that has the source and destination strings as pointer arguments plus arguments for the source and destination buffer size. Then you copy until the destination is full but not more than the source buffer length incase the source is screwed up.

Then you never use the C library functions anywhere in your code excepot in this function. And I might not even use them there.

Finally, you develop your family of secure string functions.

Or you use Windows where these are already written for you.
Apr 28 '08 #6

Post your reply

Sign in to post your reply or Sign up for a free account.