Saturday, August 30, 2008

Answer to pitfall IV




I'm in a hurry, hence just a short answer.
This is where the problem lies:

fbs=(foosNbars*)malloc(amount*sizeof(foosNbars));
if(NULL==fbs)


When the user inputs a big enough amount, the result of amount*sizeof(...) does not fit in a 32-bit variable, and the variable overflows. What does the overflow produce? A small positive number (since malloc takes its argument as an unsigned int). Hence malloc really does allocate some space, but not the amount the user originally requested. Thus the NULL check on the next line does not detect the error, and later, when the user attempts to fill all the structs he thinks were allocated... Yep, crash boom bang, Segmentation Fault.
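An added example (not code from the original post) that reproduces the wraparound in 32-bit arithmetic and shows the check a caller should make before multiplying a user-supplied count by sizeof. The foosNbars struct here is a hypothetical stand-in with two ints; the helper names are my own.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Hypothetical stand-in for the post's foosNbars (assumed layout: two ints). */
typedef struct {
    int foo;
    int bar;
} foosNbars;

/* Reproduce the overflow the post describes. The product is computed in
 * uint32_t on purpose, so the 32-bit wraparound shows even on 64-bit hosts. */
uint32_t wrapped_size(uint32_t amount, uint32_t elem_size) {
    return amount * elem_size;   /* unsigned multiply wraps modulo 2^32 */
}

/* Overflow check: amount * elem_size fits in size_t iff amount <= SIZE_MAX / elem_size. */
int size_fits(size_t amount, size_t elem_size) {
    return elem_size == 0 || amount <= SIZE_MAX / elem_size;
}

/* Hardened allocation: refuse the request when the byte count would wrap.
 * Returns NULL on overflow as well as on malloc failure, so the caller's
 * existing NULL check now catches both cases. */
foosNbars *alloc_foosNbars(size_t amount) {
    if (!size_fits(amount, sizeof(foosNbars)))
        return NULL;
    return (foosNbars *)malloc(amount * sizeof(foosNbars));
}

int main(void) {
    /* 0x20000001 * 8 = 0x100000008, which wraps to 8 in 32 bits:
     * malloc gets asked for 8 bytes instead of ~4 GiB. */
    printf("wrapped byte count: %u\n", wrapped_size(0x20000001u, 8u));

    foosNbars *p = alloc_foosNbars(SIZE_MAX);   /* rejected before malloc runs */
    printf("huge request -> %s\n", p == NULL ? "NULL" : "allocated");

    p = alloc_foosNbars(4);                      /* sane request succeeds */
    printf("small request -> %s\n", p == NULL ? "NULL" : "allocated");
    free(p);
    return 0;
}
```

Most modern C libraries perform the same multiplication check inside calloc(amount, sizeof(foosNbars)), which is the other idiomatic fix.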
