-2

函数返回堆栈变量的地址,这将导致意外的程序行为,通常以崩溃的形式出现。以下函数返回一个堆栈地址:

int init(char *device, DriverType driver)
{
    int rv = -1;

    if (autodetect) {
        void *md;
        const char *p = NULL;
        char buf[PATH_MAX];

        *device = 0;
        md = discover_media_devices();
        if (!md) {
            fprintf (stderr, "open: Failed to open \"auto\" device");
            if (*device)
                fprintf (stderr, " at %s\n", device);
            else
                fprintf (stderr, "\n");
            goto failure;
        }

        while (1) {
            p = get_associated_device(md, p, MEDIA_V4L_RADIO, NULL, NONE);
            if (!p)
                break;
            snprintf(buf, sizeof(buf), "/dev/%s", p);
            device = &buf[0];
        }

    free_media_devices(md);
    /* out_of_scope: Variable "buf" goes out of scope */
    }

    switch (driver) {
            case DRIVER_ANY:
            case DRIVER_V4L2:
            default:
                    goto try_v4l2;
            case DRIVER_V4L1:
                    goto try_v4l1;
    }

try_v4l1:
    dev = v4l1_radio_dev_new();
    /* use_invalid: Using "device", which points to an out-of-scope variable "buf" */
    rv = dev->init (dev, device);
    ----------------------------

try_v4l2:
    dev = v4l2_radio_dev_new();
    /* use_invalid: Using "device", which points to an out-of-scope variable "buf" */
    rv = dev->init (dev, device);
    ----------------------------

failure:
    return rv;
}

请帮助在代码中解决此问题

4

1 回答 1

2

你大致有两种选择:

  1. 在调用init函数之前在堆栈上分配 char :

    char ch[PATH_MAX];
init (ch, ...);

  2. 使用malloc在函数内部分配字符,并在init函数外部释放分配的内存。

    int init(char *device, DriverType driver)
{
     /*...*/
     device = malloc(PATH_MAX);
     /*...*/
}


char* p;
init (p, ...);
free(p);

第一个选项更加优雅和高效。

于 2013-11-06T09:45:56.130 回答