c - 缓冲区 '' 被越界访问

Question

在使用静态代码分析工具 cppcheck ( http://sourceforge.net/apps/mediawiki/cppcheck/index.php?title=Main_Page ) 检查期间，该工具在代码中发现了一个严重错误：

#define MAX_PICTURE_HISTORY 10

#define PICTURE_INTERLACED_ODD 1
#define PICTURE_INTERLACED_EVEN 2

typedef struct
{
    unsigned char* pData;
    unsigned int Flags;
} TPicture;


typedef struct
{
    TPicture* PictureHistory[MAX_PICTURE_HISTORY];
    unsigned char *Overlay;
    unsigned int OverlayPitch;
    unsigned int LineLength;
    int FrameWidth;
    int FrameHeight;
    int FieldHeight;
    MEMCPY_FUNC* pMemcpy;
    unsigned int InputPitch;
} TDeinterlaceInfo;

代码：

TPicture Picture[ 8 ];
int stride = (width*2);
int i;

Info.FieldHeight = height / 2;
Info.FrameHeight = height;
Info.FrameWidth = width;
Info.InputPitch = stride*2;
Info.LineLength = stride;
Info.OverlayPitch = outstride;
Info.pMemcpy = fast_memcpy;

Picture[ 0 ].pData = data->f0 + stride;
Picture[ 0 ].Flags = PICTURE_INTERLACED_ODD;

Picture[ 1 ].pData = data->f0;
Picture[ 1 ].Flags = PICTURE_INTERLACED_EVEN;

Picture[ 2 ].pData = data->f1 + stride;
Picture[ 2 ].Flags = PICTURE_INTERLACED_ODD;

Picture[ 3 ].pData = data->f1;
Picture[ 3 ].Flags = PICTURE_INTERLACED_EVEN;

Picture[ 4 ].pData = data->f2 + stride;
Picture[ 4 ].Flags = PICTURE_INTERLACED_ODD;

Picture[ 5 ].pData = data->f2;
Picture[ 5 ].Flags = PICTURE_INTERLACED_EVEN;

for( i = 0; i < MAX_PICTURE_HISTORY; i++ ) {
    Info.PictureHistory[ i ] = &(Picture[ i ]);   /* <-- The buffer Picture is accessed out of bounds */
}

上面的代码似乎没有任何问题。任何想法为什么这些被捡起以及如何解决这个问题？此致。

Answer 1

MAX_PICTURE_HISTORY定义为 10 但Picture只有 8 个元素

Answer 2

你有

#define MAX_PICTURE_HISTORY 10

接着

TPicture Picture[ 8 ];

for( i = 0; i < MAX_PICTURE_HISTORY; i++ ) {
    Info.PictureHistory[ i ] = &(Picture[ i ]);   /* <-- The buffer Picture is accessed out of bounds */
}

访问的元素比提供的元素多两个。

Answer 3

该消息是应得的。您的图片数组有 8 个元素 (0..7)，而循环运行到 MAX_PICTURE_HISTORY < 10 访问数组之外​​的元素 8 和 9。

如果您使用，代码会更干净，并且不会出现类似的错误

 TPicture Picture[ MAX_PICTURE_HISTORY ];

而不是硬编码的 8。