Memory Referencing Bug Example


     

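    /*
     * Memory referencing bug example (CS:APP style).
     *
     * fun() deliberately writes through an unchecked array index so the
     * effect of an out-of-bounds stack write can be observed. It is kept
     * as-is to demonstrate the undefined behaviour; fun_checked() is the
     * corrected version, and main() validates its command-line argument
     * with strtol() instead of trusting atoi().
     */
    #include <errno.h>
    #include <limits.h>
    #include <stdio.h>
    #include <stdlib.h>

    typedef struct {
        int a[2];
        double d;
    } struct_t;

    /* Element count of struct_t.a: the only valid indexes are 0 and 1. */
    enum { A_LEN = 2 };

    /*
     * Deliberately buggy: stores to s.a[i] without checking i.
     *
     * i      caller-supplied index; any value outside [0, A_LEN) makes the
     *        store an out-of-bounds write into whatever follows a[] on the
     *        stack -- undefined behaviour, not just a wrong answer.
     * return s.d, which the caller expects to still be 3.14.
     *
     * volatile only stops the compiler from optimising the store away so the
     * corruption is observable; it does NOT make the out-of-bounds write defined.
     */
    double fun(int i)
    {
        volatile struct_t s;
        s.d = 3.14;
        s.a[i] = 1073741824;  /* 0x40000000; out of bounds when i < 0 or i >= A_LEN */
        return s.d;           /* should be 3.14 */
    }

    /*
     * Bounds-checked version of fun().
     *
     * i      index into s.a; rejected unless 0 <= i < A_LEN.
     * out    receives s.d on success; left untouched on failure.
     * return 0 on success, -1 if out is NULL or i is out of range
     *        (no write is performed in that case).
     */
    static int fun_checked(int i, double *out)
    {
        volatile struct_t s;

        if (out == NULL || i < 0 || i >= A_LEN) {
            return -1;
        }
        s.d = 3.14;
        s.a[i] = 1073741824;
        *out = s.d;
        return 0;
    }

    /*
     * Usage: ./a.out [index]
     *
     * argc is 1 when no argument is given, so the index defaults to 0.
     * The optional index is parsed with strtol() rather than atoi(): atoi()
     * returns 0 for non-numeric text and has undefined behaviour on overflow,
     * so a bad argument would silently turn into fun(0). Prints the result of
     * the buggy fun() and of the checked variant for the same index.
     */
    int main(int argc, char *argv[])
    {
        long idx = 0;

        if (argc >= 2) {
            char *end = NULL;

            errno = 0;
            idx = strtol(argv[1], &end, 10);
            if (end == argv[1] || *end != '\0' || errno == ERANGE
                || idx < INT_MIN || idx > INT_MAX) {
                fprintf(stderr, "usage: %s [index]  (index must be an int)\n", argv[0]);
                return EXIT_FAILURE;
            }
        }

        int i = (int)idx;
        double d = fun(i);
        printf("fun(%d) --> %.10f\n", i, d);

        double checked = 0.0;
        if (fun_checked(i, &checked) == 0) {
            printf("fun_checked(%d) --> %.10f\n", i, checked);
        } else {
            printf("fun_checked(%d) --> rejected (index must be in 0..%d)\n", i, A_LEN - 1);
        }
        return 0;
    }

    /*
     * Observed output of the original program on one gcc/x86-64 build. The
     * exact values depend on struct layout, stack layout and compiler, so
     * other builds may print different garbage or crash:
     *
     *   $ ./a.out 0   ->  fun(0) --> 3.1400000000
     *   $ ./a.out 1   ->  fun(1) --> 3.1400000000
     *   $ ./a.out 2   ->  fun(2) --> 3.1399998665
     *   $ ./a.out 3   ->  fun(3) --> 2.0000006104
     *   $ ./a.out 4   ->  fun(4) --> 3.1400000000
     *
     * With a[] at offset 0 and d at offset 8, a[2] and a[3] alias the low and
     * high 32 bits of d, which is why indexes 2 and 3 corrupt the result.
     * Index 4 lands beyond the struct: the return value looks intact, but the
     * store has hit some other stack slot. C performs no bounds check on the
     * array or the stack here; build with -fsanitize=address,undefined to
     * catch the write at run time.
     */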
