
我似乎找不到与我正在做的事情完全匹配的问题,所以就在这里提问了。下面是我的 C 应用程序的精简版本,足以重现问题所在。我知道这段代码很丑,也缺少一些错误检查,但它只是用来帮我找出这个问题的。按照设计,下面的示例应将所有“A”转换为“BCDE”。代码中的注释描述了这个问题。(首先执行 runMe)

/*
 * Reproduction case from the question: meant to return, through *buffer, a
 * heap string in which every 'A' of `in` has been expanded to "BCDE". Output
 * is staged in the 1006-byte stack array t_buffer and appended to *buffer
 * with realloc() + strcat() whenever the staging index reaches i_size.
 *
 * NOTE(review): the code is left exactly as posted because it is the subject
 * of the question. As written it has several memory-safety defects:
 *   - the flush branch sets i_size = 0 and never resets i, so after the first
 *     flush every iteration re-enters the branch while i keeps growing, and
 *     the t_buffer[i++] stores run past the end of the 1006-byte array;
 *   - only t_buffer[0..998] is ever zeroed, so t_buffer is not guaranteed to
 *     be NUL-terminated when it is handed to strcat(); strcat() may then copy
 *     more than b_size bytes into *buffer (a heap overflow; this is likely
 *     the corruption that surfaces in the second realloc());
 *   - the inner clearing loop reuses x, the index of the enclosing loop;
 *   - the function is declared int but has no return statement, bytes other
 *     than 'A' are never copied, and whatever is staged when the loop ends is
 *     never appended to *buffer.
 */
int runMe2(char *in, char **buffer) {
    long x;
    long b_size = 0; // bytes requested for *buffer so far
    long i_size = 1000; // staging index at which t_buffer is flushed
    long i = 0; // next write position in t_buffer
    char t_buffer[1006];

    // Initial malloc small as it will grow
    // NOTE(review): the malloc() result is used by strcpy() without a NULL check.
    *buffer = (char *)malloc(2*sizeof(char));
    strcpy(*buffer, "");
    // Clears indices 0..998 only; t_buffer[999..1005] stay uninitialized.
    for (x = 0; x < 999; x++)
        t_buffer[x] = 0;
    // strlen(in) is re-evaluated on every iteration of this loop.
    for (x = 0; x < strlen(in); x++) {
        if (i >= i_size) {
            char *r_buffer;
            b_size = b_size + 1006*sizeof(char);
            // NOTE(review): this zeroes the threshold instead of the index i,
            // so the condition above is true on every later iteration.
            i_size = 0;
            // Here is where the problem is.
            // The first time through, i=1000, b_size=1006 and everything is fine
            // The second time through, i=1004, b_size=2012 and the heap crashes on the realloc
            r_buffer = (char *)realloc(*buffer, b_size);
            // NOTE(review): exit(0) reports success to the parent process even
            // though the allocation failed.
            if (r_buffer == NULL)
                exit(0);
            *buffer = r_buffer;
            // strcat() copies until it finds a NUL in t_buffer; nothing here
            // bounds that copy to the b_size bytes just allocated.
            strcat(*buffer, t_buffer);
            // Reuses x, so the outer loop resumes from x == 999 afterwards.
            for (x = 0; x < 999; x++)
                t_buffer[x] = 0;
        }
        if (in[x] == 'A') {
            // Four unchecked stores; i is never compared with sizeof t_buffer.
            t_buffer[i++] = 'B';
            t_buffer[i++] = 'C';
            t_buffer[i++] = 'D';
            t_buffer[i++] = 'E';
        }
    }
}

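/*
 * Driver for the reproduction: fills a 30000-byte stack array with a
 * 29,999-character string of 'A's, passes it to runMe2(), and frees the
 * buffer handed back through `out`.
 *
 * Returns 0. The function is declared int, so it now returns a defined value
 * instead of falling off the end.
 */
int runMe() {
    char *out = NULL; /* free(NULL) is a no-op, so the cleanup below is safe
                         even if runMe2() never stores a pointer */
    char in[30000];
    int x = 0;

    // Set up a 29,999 character string; the last slot holds the terminator
    for (x = 0; x < 29999; x++) {
        in[x] = 'A';
    }
    in[29999] = 0;
    // Send it as pointer so we can do other things here
    runMe2(in, &out);
    // Eventually, other things will happen here
    free(out);
    return 0;
}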

2 回答 2

if (i >= i_size) {
  ...
  i_size = 0;
  ...
}
if (in[x] == 'A') {
  t_buffer[i++] = 'B';
  ...

这不对。只要 in 的长度超过最初的 i_size,你就会写到 t_buffer 的末尾之外。您可能打算在那里重置 i,而不是 i_size。

然后,您在无法保证 t_buffer 正确地以空字符结尾的情况下对它使用了字符串函数——您初始化了前一千个值,但在循环中又覆盖了它们。如果您要使用 strcat 及其同类函数,就需要更加小心,确保它始终以空字符结尾。不过,既然您知道所涉及数组的长度,使用 memcpy 会让代码更简单。

for (x = 0; x < strlen(in); x++) {
  ...
  for (x = 0; x < 999; x++)
    ...
    t_buffer[x] = 0;

正如 Useless 所发现的,这也不对:内层循环重用了外层循环的变量 x。请为内层循环使用第二个变量,或者更好的做法是使用 memset。

于 2012-10-25T16:46:44.820 回答

只是为了好玩,这里有一个不同的算法,它比你的更简单:

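/*
 * Build a copy of `in` in which every 'A' is replaced by "BCDE".
 *
 * in      NUL-terminated input string; it is only read.
 * buffer  receives a malloc()'d, NUL-terminated result that the caller must
 *         free(). It is set to NULL on every failure path.
 *
 * Returns the length of the result (terminator excluded), or -1 when an
 * argument is NULL, when the result length would not fit in the int return
 * value, or when the allocation fails.
 */
int runMe2(char *in, char **buffer)
{
    /* Largest length the int return value can carry. UINT_MAX >> 1 equals
     * INT_MAX wherever int has no padding bits. */
    const size_t max_len = (size_t)(((unsigned int)-1) >> 1);
    size_t in_len;
    size_t a_count = 0;
    size_t out_len;
    size_t i, j;
    char *out;

    if (buffer == NULL) {
        return -1;
    }
    *buffer = NULL;
    if (in == NULL) {
        return -1;
    }

    /* First pass: measure the input and count the bytes that will expand. */
    for (i = 0; in[i] != '\0'; i++) {
        if (in[i] == 'A') {
            a_count++;
        }
    }
    in_len = i;

    /* Each 'A' adds three bytes. Validate before doing the arithmetic so the
     * size handed to malloc() can never wrap and come up smaller than what
     * the copy loop below writes. */
    if (in_len > max_len || a_count > (max_len - in_len) / 3) {
        return -1;
    }
    out_len = in_len + a_count * 3;

    /* Single allocation, checked before the first store. */
    out = malloc(out_len + 1);
    if (out == NULL) {
        return -1;
    }

    /* Second pass: expand 'A', copy every other byte unchanged. */
    for (i = 0, j = 0; i < in_len; i++) {
        if (in[i] == 'A') {
            out[j++] = 'B';
            out[j++] = 'C';
            out[j++] = 'D';
            out[j++] = 'E';
        } else {
            out[j++] = in[i];
        }
    }
    out[j] = '\0';

    *buffer = out;
    return (int)out_len;
}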
于 2012-10-25T17:33:13.827 回答